EUVD-2018-6436

Malware in sbrugna...

DEBIAN-CVE-2023-6937

wolfSSL prior to 5.6.6 did not check that messages in one DTLS record do not span key boundaries. As a result, it was possible to combine DTLS messages using different keys into one DTLS record. The most extreme edge case is that, in DTLS 1.3, it was possible that an unencrypted DTLS 1.3 record...

SUSE-SU-2019:1088-1 Security update for wpa_supplicant

This update for wpasupplicant fixes the following issues: This security issue was fixed: - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the...

EulerOS Virtualization 2.5.4 : wpa_supplicant (EulerOS-SA-2019-1194)

According to the version of the wpasupplicant package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Ke...

SUSE SLED15 / SLES15 Security Update : wpa_supplicant (SUSE-SU-2018:3480-1)

This update for wpasupplicant provides the following fixes : This security issues was fixe : CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the...

Amazon Linux 2 : wpa_supplicant (ALAS-2018-1122)

An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive...

Medium: wpa_supplicant

Issue Overview: An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover...

EulerOS 2.0 SP3 : wpa_supplicant (EulerOS-SA-2018-1318)

According to the version of the wpasupplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is n...

Debian DLA-1462-1 : wpa security update

The following vulnerability was discovered in wpasupplicant. CVE-2018-14526: | An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 | through 2.6. Under certain conditions, the integrity of EAPOL-Key | messages is not checked, leading to a decryption oracle. An attacker | within range of...

Debian: Security Advisory (DLA-1462-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Design/Logic Flaw

An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive...

CVE-2018-14526

CVE-2018-14526 affects wpa_supplicant (rsn_supp/wpa.c) up to 2.6, where under certain conditions the integrity of EAPOL-Key messages is not checked, enabling a decryption oracle. An attacker in range of the AP and client could recover sensitive information. Public advisories across distributions ...

CVE-2018-14526

An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive...

UBUNTU-CVE-2018-14526

An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive...

USN-2537-1: OpenSSL vulnerabilities

It was discovered that OpenSSL incorrectly handled malformed EC private key files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. CVE-2015-0209 Stephen Henson discovered that OpenSSL incorrectly handled...

NativeKey continues handling key messages after widget is destroyed — Mozilla

Mozilla developer Masayuki Nakano discovered that the NativeKey widget continues handling key messages even when it is destroyed by dispatched event listeners. This could result in some key events being applied to other objects or plugins if the widget memory is reallocated to them, leading to a...

DEBIAN-CVE-2002-1568

OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service crash via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENTMASTERKEY messages,...