Lucene search
+L

14 matches found

cve
cve
added 2017/10/17 1:0 p.m.397 views

CVE-2017-13081

CVE-2017-13081 describes a KRACK-class flaw in WPA/WPA2 where the Integrity Group Temporal Key (IGTK) can be reinstalled during the group key handshake. This enables an attacker within radio range to spoof frames from APs to clients, potentially undermining confidentiality and integrity of WPA/WP...

5.3CVSS6.7AI score0.02003EPSS
cve
cve
added 2017/10/17 1:0 p.m.385 views

CVE-2017-13079

CVE-2017-13079 is a KRACK-type vulnerability affecting WPA/WPA2 where reinstallation of the Integrity Group Temporal Key (IGTK) can occur during the 4-way handshake. An attacker in radio range can spoof frames from APs to clients by exploiting IGTK reinstallation. Public disclosures and advisorie...

5.3CVSS6.6AI score0.02124EPSS
cve
cve
added 2017/10/17 2:0 a.m.384 views

CVE-2017-13077

CVE-2017-13077 is a KRACK-related vulnerability affecting Wi‑Fi (WPA/WPA2) where an attacker within radio range can force PTK nonce reuse during the four‑way handshake, enabling replay, decryption, or spoofing of frames. The initial description confirms the vulnerability and impact. Connected doc...

6.8CVSS7.3AI score0.02388EPSS
cve
cve
added 2017/10/17 1:0 p.m.381 views

CVE-2017-13080

CVE-2017-13080 corresponds to the WPA2/Wi‑Fi Key Reinstallation Attack (KRACK) risk, where a network-adjacent attacker can leverage a flaw in the group key handshake to reinstall GTK keys and replay frames. The core description in the initial document confirms: an attacker in radio range can repl...

5.3CVSS6.9AI score0.02285EPSS
cve
cve
added 2017/10/17 1:0 p.m.293 views

CVE-2017-13078

CVE-2017-13078 is part of the KRACK family impacting WPA2. A attacker in Wi‑Fi range could reinstall the GTK during the 4‑way handshake, replaying frames to clients. Apple addresses this via security updates (e.g., HT208221/HT208222) for macOS High Sierra/Sierra and related AirPort firmware; exac...

5.3CVSS6.7AI score0.0207EPSS
cve
cve
added 2017/10/17 1:0 p.m.288 views

CVE-2017-13082

CVE-2017-13082 is one of the KRACK-class WPA2 flaws. Android/Arch/Debian/CentOS references describe an issue where a retransmitted FT Reassociation Request can reinstall the PTK during processing, enabling a nearby attacker to replay, decrypt, or spoof frames. Impact described across sources incl...

8.1CVSS7.7AI score0.04575EPSS
cve
cve
added 2017/10/17 1:0 p.m.262 views

CVE-2017-13087

CVE-2017-13087 affects WPA/WPA2 (WPA2) implementations in wpa_supplicant/wpa and is part of the KRACK family. The issue is a GTK reinstallation triggered when processing a Wireless Network Management Sleep Mode Response frame, allowing an attacker within radio range to replay frames between APs a...

5.3CVSS6.6AI score0.01742EPSS
cve
cve
added 2017/07/21 2:0 p.m.248 views

CVE-2015-5300

CVE-2015-5300 (NTP panic-threshold bypass) is detailed in connected advisory from F5 for BIG-IP products, describing a vulnerability in ntpd where the threshold for the -g option is not correctly enforced. An attacker controlling NTP traffic could cause ntpd to step the clock to an arbitrary valu...

7.5CVSS7.6AI score0.0913EPSS
cve
cve
added 2017/10/17 1:0 p.m.245 views

CVE-2017-13086

CVE-2017-13086 affects WPA/WPA2, specifically the TDLS handshake where the TDLS PeerKey (TPK) can be reinstalled. The root cause is key reinstallation during the TDLS handshake, enabling an attacker within radio range to replay, decrypt, or spoof frames. This vulnerability is documented across mu...

6.8CVSS7.2AI score0.02046EPSS
cve
cve
added 2017/10/17 1:0 p.m.242 views

CVE-2017-13088

CVE-2017-13088 is part of the KRACK family affecting WPA/WPA2 (802.11) where reinstallation of the Integrity Group Temporal Key (IGTK) can occur while processing a Wireless Network Management Sleep Mode Response frame. The flaw enables an attacker within radio range to replay frames between APs a...

5.3CVSS6.6AI score0.01807EPSS
cve
cve
added 2017/07/21 2:0 p.m.202 views

CVE-2015-5219

CVE-2015-5219 affects the Network Time Protocol (NTP) SNTP components, specifically the sntp utility, prior to version 4.2.7p366. The root cause is an incorrect type conversion in the ULOGTOD function (precision → double) which can cause a crafted NTP packet to trigger an infinite loop in sntp, l...

7.5CVSS7.1AI score0.05839EPSS
cve
cve
added 2017/07/21 2:0 p.m.184 views

CVE-2015-5194

CVE-2015-5194: ntpd’s log_config_command in ntp_parser.y allows remote attackers to crash ntpd via crafted logconfig commands. Affected are ntpd before 4.2.7p42; remediation is to upgrade to a fixed version (4.2.7p42+). Connected advisories from F5/IBM detail affected products and patch guidance ...

7.5CVSS7.1AI score0.05536EPSS
cve
cve
added 2017/10/17 1:0 p.m.129 views

CVE-2017-13084

CVE-2017-13084 describes a vulnerability in WPA/WPA2 where the Station-To-Station-Link (STK) key can be reinstalled during the PeerKey handshake. An attacker within wireless range may replay, decrypt, or spoof frames by exploiting STSL STK reinstallation. Public sources confirm this as part of th...

6.8CVSS7AI score0.02205EPSS
cve
cve
added 2017/05/03 7:0 p.m.75 views

CVE-2017-7995

Concretely, CVE-2017-7995 affects Xen PV guests prior to 4.3: MMIO access permission checks were performed after accessing MMIO ranges, enabling host PCI device space memory reads and leading to information disclosure. The underlying cause is an error in the get_user function. Public symptom and ...

3.8CVSS4.2AI score0.00368EPSS