) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:w1.fi:hostapd:2.9:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2022-23304 |
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495. Published: January 16, 2022; 9:15:06 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 6.8 MEDIUM |
| CVE-2022-23303 |
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494. Published: January 16, 2022; 9:15:06 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 6.8 MEDIUM |
| CVE-2021-30004 |
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. Published: April 02, 2021; 1:15:13 AM -0400 |
V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2019-16275 |
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range. Published: September 12, 2019; 4:15:11 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 3.3 LOW |