SUSE CVE-2019-9494

The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...

Information disclosure

Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading SMT. By measuring the contention level on scheduler queues an attacker may potentially leak sensitive...

CVE-2021-46778

Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading SMT. By measuring the contention level on scheduler queues an attacker may potentially leak sensitive...

GHSA-8F4W-JWQV-5CXC Apache Tomcat Vulnerable to Denial of Service (DoS) via Simultaneous Requests

Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service CPU consumption via a large number of simultaneous requests to list a web directory that has a large number of files...

Apache Tomcat Vulnerable to Denial of Service (DoS) via Simultaneous Requests

Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service CPU consumption via a large number of simultaneous requests to list a web directory that has a large number of files...

Fixed vulnerability in Wi-Fi SAE and EAP-wd implementations

A vulnerability has been fixed in implementations of the Simultaneous Authentication of Equals SAE and Extensible-Authentication-Protocol-EAP EAP-wd that are used in hostapd and wpasupplicant. The vulnerability enables a malicious party with the ability to execute code on the system to gain acces...

Mageia: Security Advisory (MGASA-2018-0470)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DEBIAN-CVE-2022-23303

The implementations of SAE in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494...

AZL-7747 CVE-2022-23303 affecting package wpa_supplicant for versions less than 2.10-1

The implementations of SAE in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494...

PT-2022-5940 · Hostap +7 · Hostapd +7

Name of the Vulnerable Software and Affected Versions: hostapd versions prior to 2.10 wpa supplicant versions prior to 2.10 Description: The issue is related to an incomplete fix, resulting in side channel attacks due to cache access patterns. This allows an attacker to potentially disclose...

Input validation

Possible assertion in QOS request due to improper validation when multiple add or update request are received simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

The vulnerability of the SAE implementation of the wpa_supplicant function for wireless communication devices with WPA certification lies in the fact that it exposes information, allowing attackers to gain access to confidential data.

The vulnerability of the SAE implementation of the wpasupplicant function for wireless communication devices with WPA certification is related to errors in timing and access patterns to the cache. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...

The vulnerability of the SAE implementation of the wpa_supplicant function for wireless communication devices with WPA certification lies in the authentication procedures’ flaws, which allow a perpetrator to cause a service failure.

The vulnerability of the SAE function of the wpasupplicant implementation for wireless communication devices with WPA certification is related to incorrect authentication sequence. Exploiting this vulnerability allows a remote attacker to cause service failure...

NewStart CGSL CORE 5.05 / MAIN 5.05 : ovmf Multiple Vulnerabilities (NS-SA-2021-0180)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has ovmf packages installed that are affected by multiple vulnerabilities: - Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service vi...

CVE-2021-24735

The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF attack...

Cross site request forgery (csrf)

The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF attack...

CVE-2021-41753

A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in D-Link DIR-X1560, v1.04B04, and DIR-X6060, v1.11B04 allows a remote unauthenticated attacker to disconnect a wireless client via sending specific spoofed SAE authentication frames...

XSS Vulnerability in Xunfei Documents of KUDA Xunfei Co.

Xunfei Documents is an online document app produced by KUDA Xunfei that supports simultaneous editing by multiple people and multiple ends. A XSS vulnerability exists in Xunfei Document of KUDA Xunfei Corporation, which can be exploited by an attacker to obtain an administrator cookie...

XSS Vulnerability in Cyberdrive Documents

Xunfei Documents is an online document app produced by KUDA Xunfei that supports multiple people editing at the same time on multiple devices, such as computers, mobile phones, tablets, and other types of devices to view and modify documents anytime, anywhere, and easily improve work efficiency...

Sifchain: Cross-site Scripting (XSS) possible at https://sifchain.finance// via CVE-2019-8331 exploitation

Summary: https://sifchain.finance is using Bootstrap framework version 4.0.0 which is =4.0.0 4. Visit https://sifchain.finance/wp-content/themes/icos/assets/js/vendor/bootstrap.min.js?ver=5.7.2 5. You'll get the Bootstrap Version, Which is v4.0.0 and its vulnerable to Cross-site Scripting XSS...