120 vulnerabilities found for hostapd by w1.fi
FKIE_CVE-2025-24912
Vulnerability from fkie_nvd - Published: 2025-03-12 05:15 - Updated: 2025-10-24 18:40
Summary
hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2634D924-B17C-47D4-B6DE-F69736D79E54",
"versionEndIncluding": "2.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail."
},
{
"lang": "es",
"value": "hostapd no procesa correctamente los paquetes RADIUS manipulados. Cuando hostapd autentica dispositivos Wi-Fi con autenticaci\u00f3n RADIUS, un atacante ubicado entre hostapd y el servidor RADIUS podr\u00eda inyectar paquetes RADIUS manipulados y forzar el fallo de las autenticaciones RADIUS."
}
],
"id": "CVE-2025-24912",
"lastModified": "2025-10-24T18:40:03.117",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "vultures@jpcert.or.jp",
"type": "Secondary"
}
]
},
"published": "2025-03-12T05:15:37.430",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN19358384/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch"
],
"url": "https://w1.fi/cgit/hostap/commit/?id=339a334551ca911187cc870f4f97ef08e11db109"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch"
],
"url": "https://w1.fi/cgit/hostap/commit/?id=726432d7622cc0088ac353d073b59628b590ea44"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
],
"url": "https://w1.fi/hostapd/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-826"
}
],
"source": "vultures@jpcert.or.jp",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-37660
Vulnerability from fkie_nvd - Published: 2025-02-11 23:15 - Updated: 2025-11-03 20:15
Summary
In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passively observing public keys, re-using the encrypting element Qi and subtracting it from the captured message M (X = M - Qi). This will result in the public ephemeral key X; the only element required to subvert the PKEX association.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F8C7AC9-6C6F-4BCE-B72D-5D3E03D32795",
"versionEndIncluding": "2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passively observing public keys, re-using the encrypting element Qi and subtracting it from the captured message M (X = M - Qi). This will result in the public ephemeral key X; the only element required to subvert the PKEX association."
},
{
"lang": "es",
"value": "En hostapd 2.10 y versiones anteriores, el c\u00f3digo PKEX permanece activo incluso despu\u00e9s de una asociaci\u00f3n PKEX exitosa. Un atacante que haya iniciado con \u00e9xito claves p\u00fablicas con otra entidad que usa PKEX en el pasado, podr\u00e1 subvertir una futura iniciaci\u00f3n observando pasivamente las claves p\u00fablicas, reutilizando el elemento de cifrado Qi y rest\u00e1ndolo del mensaje capturado M (X = M - Qi). Esto dar\u00e1 como resultado la clave p\u00fablica ef\u00edmera X; el \u00fanico elemento necesario para subvertir la asociaci\u00f3n PKEX."
}
],
"id": "CVE-2022-37660",
"lastModified": "2025-11-03T20:15:55.780",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-02-11T23:15:08.140",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://link.springer.com/article/10.1007/s10207-025-00988-3"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://w1.fi/cgit/hostap/commit/?id=15af83cf1846870873a011ed4d714732f01cd2e4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00019.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-323"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-23303
Vulnerability from fkie_nvd - Published: 2022-01-17 02:15 - Updated: 2025-11-03 20:15
Summary
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| w1.fi | hostapd | * |
| w1.fi | wpa_supplicant | * |
| fedoraproject | fedora | 35 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3587622-0BD8-4DCB-811F-410671BBD37E",
"versionEndExcluding": "2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "334B562B-B7A1-480C-ADF0-B92A14385AD1",
"versionEndExcluding": "2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494."
},
{
"lang": "es",
"value": "Las implementaciones de SAE en hostapd versiones anteriores a 2.10 y wpa_supplicant versiones anteriores a 2.10, son vulnerables a ataques de canal lateral como resultado de los patrones de acceso a la cach\u00e9. NOTA: este problema se presenta debido a una correcci\u00f3n incompleta de CVE-2019-9494"
}
],
"id": "CVE-2022-23303",
"lastModified": "2025-11-03T20:15:52.523",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-17T02:15:06.760",
"references": [
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL/"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202309-16"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://w1.fi/security/2022-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202309-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://w1.fi/security/2022-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-23304
Vulnerability from fkie_nvd - Published: 2022-01-17 02:15 - Updated: 2025-11-03 20:15
Summary
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| w1.fi | hostapd | * |
| w1.fi | wpa_supplicant | * |
| fedoraproject | fedora | 35 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3587622-0BD8-4DCB-811F-410671BBD37E",
"versionEndExcluding": "2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "334B562B-B7A1-480C-ADF0-B92A14385AD1",
"versionEndExcluding": "2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495."
},
{
"lang": "es",
"value": "Las implementaciones de EAP-pwd en hostapd versiones anteriores a 2.10 y wpa_supplicant versiones anteriores a 2.10, son vulnerables a ataques de canal lateral como resultado de los patrones de acceso a la cach\u00e9. NOTA: este problema se presenta debido a una correcci\u00f3n incompleta de CVE-2019-9495"
}
],
"id": "CVE-2022-23304",
"lastModified": "2025-11-03T20:15:52.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-17T02:15:06.813",
"references": [
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL/"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202309-16"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://w1.fi/security/2022-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202309-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://w1.fi/security/2022-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-30004
Vulnerability from fkie_nvd - Published: 2021-04-02 05:15 - Updated: 2024-11-21 06:03
Summary
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| w1.fi | hostapd | 2.9 |
| w1.fi | wpa_supplicant | 2.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:w1.fi:hostapd:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF4AE8EA-985A-471B-A423-591D604D6C0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:w1.fi:wpa_supplicant:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA940F9-A024-41FD-9B35-956788414E35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c."
},
{
"lang": "es",
"value": "En wpa_supplicant y hostapd versi\u00f3n 2.9, los ataques de falsificaci\u00f3n pueden ocurrir porque los par\u00e1metros AlgorithmIdentifier son manejados inapropiadamente en los archivos tls/pkcs1.c y tls/x509v3.c."
}
],
"id": "CVE-2021-30004",
"lastModified": "2024-11-21T06:03:13.273",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-02T05:15:13.313",
"references": [
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202309-16"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202309-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-12695
Vulnerability from fkie_nvd - Published: 2020-06-08 17:15 - Updated: 2024-11-21 05:00
Summary
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ui:unifi_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9EAF0BA-0F00-4EC3-8AD1-38798E302EDF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96FB9DD1-0AD3-422E-BE39-36D16B259BB3",
"versionEndExcluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-n11:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E4A59C5-BD20-4EF8-BB18-E3EC2AFAB02F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:broadcom:adsl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5324C118-FC2A-4701-A2D4-B149B6F8D82B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:canon:selphy_cp1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27493F05-2B86-41C9-90F3-29ED4621989F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wap131:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3B7126-28E1-42F8-98CF-0EC156BE68D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:wap150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CAB01CB7-C5BB-49D6-85A7-CECED514C7CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:wap351:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9917176-E908-4110-A641-FED1DFF41C43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dvg-n5412sp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE29D9CF-0D42-4C02-8300-364DD9D87553",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:b1165nfw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42ADBAEC-12BB-40FB-B013-9E66B7849FE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:ep-101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A29F002-A941-44B1-9CD3-CC239DCBC1EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:ew-m970a3t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA722A34-5071-41A6-8C94-10719DCB0A80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:m571t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5772EE0-AAFE-4E11-BE24-05839353E89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCFF0E3-1CA8-4676-9152-0F9B7E0DAF41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-2101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B1EBF0A-5E1B-4B26-97C3-08EFFECD4941",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-2105:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48BD48DC-F9D7-4377-9E08-93AB0416570D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-241:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDD52F9F-7715-424A-B0CD-923507C3AB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9A1753-C59A-447F-9396-F3B4284112DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-330:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AC93844-D227-42B7-AE09-A439756773BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-340:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40A52BAA-FCAB-4D01-B533-CDC2230F41B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10DFAEE5-8B2C-4940-AC00-2961BC373755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-4105:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FACBCEE3-5F3E-42B8-B6D4-3E945BC8BFD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-440:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB8F786A-C18B-4320-8B3D-2572D84BEFE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F20CDA-18E9-4AC7-BC83-0C94A184B398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30063847-3DAD-4485-9B38-4C0E8F928E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-702:-:*:*:*:*:*:*:*",
"matchCriteriaId": "996C8FE4-5926-4D97-A28F-E371F3AFA876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-8500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAAA79D-A2A0-408F-B2E0-D88C315D73DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-8600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "866A5154-8E94-41C5-8F4F-F4B322986DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-960:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45362946-1559-42A8-A575-C136A6732B5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:epson:xp-970:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28A17A5E-07EC-4166-BEC1-252A40A85A64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:5020_z4a69a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "606660FF-DBFD-4F88-AF36-125BA4B57D8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:5030_m2u92b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A109EFF-698F-438E-A9CA-7FDB2BB1E19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:5030_z4a70a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBFA37F9-41D0-496B-B90F-1BD08A0615F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:5034_z4a74a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C4F2B72-03BE-49CF-85C6-405CCB0F711C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:5660_f8b04a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8970163-15C4-4C35-9976-E03364E6801D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_3456_a9t84c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9DA94DA-C428-4143-B8EB-43B8022D98A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_3545_a9t81a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0FB3E78-3AF8-4FE2-A6EC-5F8FE87078A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_3545_a9t81c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB98F236-726C-43B4-B391-90052354AFBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_3545_a9t83b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE0015AA-6FC5-4AA2-8529-A09BFF2F867F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_3546_a9t82a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BA69799-EA06-407A-92E0-7FFD2C7A9A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_3548_a9t81b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3A6EAD-B58C-4C45-A63E-D4F6E47EDD37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_4515:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA924C6-7BEB-4B2A-92E0-EA3BAFA469DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_4518:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3866E12-99A8-4375-B941-B5967196A392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_4535_f0v64a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4539F8EF-9925-47A7-A3B8-C365B64A476B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_4535_f0v64b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA59F9C1-069E-450F-AEEF-8D4D9395B544",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_4535_f0v64c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FAFD9ED4-1DB1-4150-84EC-DD6377B626E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_4536_f0v65a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE84F86-9EDA-47BB-8C83-A3E7505BA776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_4538_f0v66b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6903ED00-1EBC-476A-ADED-650D00113193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_4675_f1h97a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC732835-E3DC-46A2-AF68-0E4F48A44D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_4675_f1h97b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4839445-6775-4DC6-A0F1-D8073EC083BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_4675_f1h97c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99320BB7-7F19-4DF6-B9F6-D854660CFA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_4676_f1h98a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D258693F-EAA4-42AA-BDE2-F9F964870DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_4678_f1h99b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B50A1E9-B246-44A2-A002-221EAA3A3B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_5575_g0v48b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D1CD0D8-F551-492B-AA36-9E1FCBA66AD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:deskjet_ink_advantage_5575_g0v48c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FD8A8A3-B906-47D9-9BDE-68A73432F680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_100_cn517a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D9E6BE-F3C4-4A2C-8744-976D5F79A408",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_100_cn517b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D77C54A-B051-4442-A590-C182E9594B81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_100_cn517c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4731E44-0726-4BA4-9E0D-9DAA7FF4690C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_100_cn518a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84988928-8254-4C49-BB9A-DCF415594E2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_100_cn519a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8604981-347C-432F-9C69-DD6ED4FB90A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_100_cn519b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57DD4D8C-DF38-46CC-9C75-5FDC1C5828B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_110_cq809a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC111A4D-9EB2-48F8-95C3-279F5F01EFB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_110_cq809b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F97B02EA-A8CD-477E-A370-3D801EF04472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_110_cq809c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FF5706-AC17-4CB1-BB94-776149CB04ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_110_cq809d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A35DD32C-853A-42EC-821F-9F6C0E10478F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_110_cq812c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39035D44-8C6B-466B-8CDC-4693B1F0F1BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_111_cq810a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD3E6A5-4BE8-4DEE-8F6A-E687E0E031AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_114_cq811a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00206EC6-40E9-44D7-91C2-DED3213BB1E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_114_cq811b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D667474F-9358-40CF-8B0F-5F31A243412E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_114_cq812a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D53C5110-F0E4-4E51-97F2-C767BCBD21C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_120_cz022a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD44558B-C4F7-49FD-AC6C-CE664B707B6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_120_cz022b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0ABCA098-9BB5-4BB2-9BC2-A2F52276A7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_120_cz022c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D70E7510-BEDA-45D1-A911-CBB6E0B5E53D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4500_a9t80a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5342517-0F54-4C43-9058-67E292B5BF3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4500_a9t80b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF5106EA-B2DC-4674-BA84-BBD9F3B976DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4500_a9t89a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "481E0DF3-C2D3-48C4-9721-7850345F36FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4500_d3p93a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46E44762-F2B9-4247-874E-8A6AED396653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4501_c8d05a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2174440D-AC3E-4D24-A561-399643CCD944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4502_a9t85a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B056A3A9-693E-4BA8-BB42-932569FC41F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4502_a9t87b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03318A78-FFFF-4431-BE9F-1171613A1014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4503_e6g71b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "021CD712-FB1B-4D30-BA64-93FD78578B50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4504_a9t88b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9633C6CB-0BA7-48B8-B4CA-96FF8E4D80D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4504_c8d04a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87BDB946-A599-4333-8DFE-B0F4E28DA9FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4505_a9t86a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47285B08-4086-495E-96B6-E56EC8E8525C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4507_e6g70b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD864766-1ADF-40CA-AC4E-D8068C19362B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4508_e6g72b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F85564A-E70B-4A79-8B71-08947DA20186",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4509_d3p94a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D75511-E215-494D-887F-D81B837B90B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4509_d3p94b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FB6AD7A-D932-4C02-B2E2-D4C343796A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4511_k9h50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "371A5792-1442-4BE5-B639-DEBF35FF60D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4512_k9h49a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7447513E-A664-49F8-BCDB-041C21E4986A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4513_k9h51a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA7CDF6-4F2F-4227-AFCF-A7B77CFDBBA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4516_k9h52a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B45C67-E822-4932-AC44-A41B40C51089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4520_e6g67a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F24EC840-1FE5-4BE2-95CD-79CA0AD521BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4520_e6g67b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83089810-0E60-4D5C-8B40-28D54E5C8121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4520_f0v63a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC960C1-BF3D-41F4-AC85-5BEF4E96F5A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4520_f0v63b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05D6ABC6-926F-4561-8196-7B0B5F39F3DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4520_f0v69a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0525848-038E-447E-8A69-BDA1227947AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4521_k9t10b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42FBB9B2-69DB-495D-87D4-F313047660FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4522_f0v67a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7477AAA3-FD6F-4A4F-B3C8-DCF55695991E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4523_j6u60b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D024C1BF-9F18-4D5E-988D-EC1083BA0D01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4524_f0v71b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EACF115-7053-4EB6-A3F0-47D9D5D2BC8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4524_f0v72b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5BB174-2D00-4B03-9DCF-32F8A93D3EFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4524_k9t01a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "998C35EB-4B53-4CB7-A0A0-5FFFEF5BD155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4525_k9t09b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86B34CE8-A2A4-4F36-8898-138E4B0A542A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4526_k9t05b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBB71C71-5E10-43AB-83EA-AF5BD863163D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4527_j6u61b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A5F418-5FF5-4DB1-92DC-8C3588A10906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_4528_k9t08b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38F9056F-C3FD-4FC6-BCCD-0501BCEDB3C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5000_m2u85a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3CC1275-CE6D-4C40-9F5A-F799DE82CC31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5000_m2u85b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5058889-2BCA-4EB3-8F0A-07FF682B50F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5000_m2u91a:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1766FB5C-A6A1-4E61-9D34-4656A862C6F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5000_m2u91a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AB77C0E-1B04-4FC6-B5B0-D7FB21A29007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5000_m2u94b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F138EE5A-CCF6-4B08-8D77-1293FC6C7C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5000_z4a54a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3879D0-F71A-45B1-8D9F-ABA4CCA07A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5000_z4a74a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28CF45C7-F897-4BB8-8B6D-6AEEF7B384A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5020_m2u91b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16C33C80-F0F4-483F-AC8C-FBA8DD82D05D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4959F00-BCCF-4C51-B476-019733E14DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5531:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAF045C3-ED70-4913-AF9F-AF2D65DADDCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "036366B3-1FFC-4BA0-B769-EA055BC56C87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5534:-:*:*:*:*:*:*:*",
"matchCriteriaId": "561002B2-A1BA-42C0-B81D-F3E9133FFFED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5535:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD7A448-9E0A-4F9D-83EA-3283AB99966A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5536:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7969AB56-208E-432E-A8D5-DE7839492604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5539:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16666F94-9ED1-4616-9713-DE75F32D1421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5540_f2e72a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD41ACC2-13C6-4569-80EB-13C490A3BECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5540_g0v47a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99304D37-E10C-4123-AEB8-EF9A601D7F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5540_g0v51a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA4A6FE7-D032-4A1F-897A-D35611B3D2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5540_g0v52a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E182D8-8E50-44CB-ACE7-FD93672EDD70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5540_g0v53a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AC42C09-AC84-4D62-8C39-7482103AC14A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5540_k7c85a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B03E55D-88D8-4A51-8A08-2477E7FAF1F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5541_k7g89a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE91E209-C794-4D54-8313-ABB3755FD69B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5542_k7c88a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3944F997-DBA4-4BCB-8DB1-25C0515A4977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5543_n9u88a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DDF09AE-17F0-4423-92CC-70B0914A623B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5544_k7c89a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E98A4D36-AB5F-47A3-8E7D-BB514EDA47AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5544_k7c93a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF0C02A-38C8-447E-80CF-6E020C6CB2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5545_g0v50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BE40C41-8AB9-4286-B201-1B1FD6430149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5546_k7c90a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBAA576D-B448-4ABC-B86C-BD0DDC682A95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5547_j6u64a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCC07377-3C14-4E19-8695-9E6EE69D64EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5548_k7g87a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "442B60FE-E431-4AEB-86D4-557D5633BD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5640_b9s56a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3BD841-57D0-42C7-85D6-5365A7AC60F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5640_b9s58a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC2A8D7F-5A2F-47D7-B60E-1AD99F34F8D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5642_b9s64a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEA384D-67F2-4261-BED4-94B9058D91FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5643_b9s63a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5397B5FD-921F-476A-B5F4-F1F9A94518CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5644_b9s65a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E48B3B4C-8CF0-41BB-AFD4-7D8169BCBC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5646_f8b05a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B01EB68D-D445-431C-8B7C-ED249A364A3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5664_f8b08a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A36C6EBA-1B08-4F7E-BE72-2D502A37EC4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_5665_f8b06a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4586D249-A8FF-4EAC-8B51-89FE59AC2960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_6020_5se16b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAAF6995-205A-46FB-B904-E8102727E414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_6020_5se17a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18824CB2-0239-4884-9C73-B1B520348C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_6020_6wd35a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D1D9413-55BE-4A4C-AC5C-ED820E0243B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_6020_7cz37a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6E51D01-D179-4956-9F6B-16A4E6F7F9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_6052_5se18a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "794EF52A-832E-4951-AE3C-8C6149E42909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_6055_5se16a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06D75EBF-1E37-486A-BC50-B991E0EA51A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_6540_b9s59a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1275DB-E4CB-446D-9AC4-9A02E2F4E98F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_7640:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8892CDDD-B5D4-4D10-AA40-CC29846B3F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_7644_e4w46a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86BDA5FF-5022-44BE-92C6-5A71AAB06BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_7645_e4w44a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E427C91-DF55-4D55-A650-FF35B804B6CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_6200_k7g18a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "623C646C-DCE6-4E2C-98CB-BAA54F41485E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_6200_k7g26b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0B8F20D-5433-4F88-89BA-C4CD6A7EFB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_6200_k7s21b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA5F18F4-1BE4-4518-B2D1-89FD55A0E61C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_6200_y0k13d_:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CA908F-40A8-40BA-AF4C-467D9FB4B720",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_6200_y0k15a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2B05D5-56EE-4778-A30E-2A8705760511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_6220_k7g20d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A798BB4B-7F4C-4C5E-B3CC-B3BD3668F1BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_6220_k7g21b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB97E07-FDAF-46D2-B3F1-7F01D1B093C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_6222_y0k13d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B89AC8D-AACC-415C-AB42-6D7712B820EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_6222_y0k14d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0875F92-3E39-4958-9240-B7E2FE8601B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_6230_k7g25b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD8BB196-69AD-4172-A5D9-229E77A9C81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_6232_k7g26b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FB392C-FC90-45B3-B0C4-FB8762986417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_6234_k7s21b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEAB5445-7A0D-48A5-B03C-65D7B809BCC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_6252_k7g22a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65D3BE1C-4A96-4153-90AC-893A47B47DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7100_3xd89a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC025AAE-E85B-45E8-BA94-290097CB4B7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7100_k7g93a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB506DAD-0266-49B6-93A1-1F3BCD7FEA04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7100_k7g99a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE74089E-9AAA-44BC-9A61-7A4E09789C7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7100_z3m37a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8543B3C3-0483-480A-9281-458E81A66DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7100_z3m52a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "019F45ED-891F-4C7E-9236-89F5A3F86653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7120_z3m41d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "686C6BF0-D822-4CC2-9F9D-F85AA4BBDCAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7155_z3m52a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F699145A-206A-40EA-8820-46DE934E0788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7164_k7g99a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D3855AF-A674-4EC1-A0E7-2A6B99A94C48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7800_k7r96a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "500F66C5-3054-4126-8926-94DC1432D116",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7800_k7s00a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DBEA162-162B-47C1-AE5E-2B8AB7E8E020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7800_k7s10d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAA1531A-B518-4408-9254-87743147F4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7800_y0g42d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA85B6EF-330A-4C99-B355-3563623920A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7800_y0g52b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFA22DA-5C42-4D55-B5D8-CB138B27544F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7822_y0g42d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7D7FD2C-5799-4A72-AA5B-B1A2BADFB664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7822_y0g43d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C21D2DF-C98C-44BE-8F55-5D345266B69F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_photo_7830_y0g50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8966D89-B778-4B46-B28A-1621FA910B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_pro_6420_5se45b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2521E9E-D61F-46E4-A5DA-35AC996137C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_pro_6420_5se46a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF22F28C-AE05-46C0-A9B8-0D1272147CC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_pro_6420_6wd14a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13463F33-0D5F-4BD7-86BD-85EB0C3ED6ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_pro_6420_6wd16a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDF59A86-2BF5-44E7-A2E7-3958064D42DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_pro_6452_5se47a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90714920-70C8-402F-A5D0-795B69887B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:envy_pro_6455_5se45a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF275372-458E-456A-94DB-0BAB5F9F15A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4650_e6g87a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D183ADD-0776-4E84-8BB2-DFF427F3F666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4650_f1h96a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B26E254E-F461-42CA-BB26-5B18E2266475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4650_f1h96b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E225A758-DBDA-40F8-98A8-DD891E173B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4652_f1j02a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE13E814-C18C-474A-BC09-F5E01EF84831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4652_f1j05b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "932FB119-04F3-459E-A414-3F7A240254F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4652_k9v84b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "412A9802-E85D-4547-84B3-44E3F8DC2C18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4654_f1j06b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E65AC31-6D84-4B54-BF48-98D173185B60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4654_f1j07b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3020F448-42AE-4ADB-B362-CD978FCA47EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4655_f1j00a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5BFA2B-0B40-48D0-AE96-E18FF069524B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4655_k9v79a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78A59121-66F1-4C09-B142-B4C2F898FB3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4655_k9v82b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28459A79-756A-4E36-AC7A-BAFF63E2CC7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4656_k9v81b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F8CB88F-4333-4089-83C3-C45FEC7763E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4657_v6d29b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52B8526B-CF07-4291-9403-432CCFD5F54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:officejet_4658_v6d30b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5E91F3-FD77-47E6-BBAF-E39AB288C106",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:hg255s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA3591F4-15BB-4DF4-A78A-95618BF8E47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:hg532e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "630E70ED-A042-44AC-98D2-0D7A2D088DFF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:wr8165n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A92BA666-CFD5-42D6-AA64-818CC2513642",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnhde111:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48AE6436-788C-46E2-9F52-9999853919E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ruckussecurity:zonedirector_1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26C70C35-BDEA-4F58-A96B-3E24431D0F00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:archer_c50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC86368A-7589-45FC-B9F9-E3D7175F7A96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:zxv10_w300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E878B7D8-06D3-4B94-A3C4-9065B0240790",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:amg1202-t10b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38C0ECB8-909F-47C9-81E5-24384D555A11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:zyxel:vmg8324-b10a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53C32749-82A6-42AA-9EBE-11014F161D2F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:xbox_one:10.0.19041.2494:*:*:*:*:*:*:*",
"matchCriteriaId": "703AFCFF-7B05-43E5-9600-09431D1AD04B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue."
},
{
"lang": "es",
"value": "La especificaci\u00f3n UPnP de Open Connectivity Foundation antes del 17-04-2020 no proh\u00edbe la aceptaci\u00f3n de una petici\u00f3n de suscripci\u00f3n con una URL de entrega en un segmento de red diferente a la URL de suscripci\u00f3n de evento totalmente calificada, tambi\u00e9n se conoce como el problema de CallStranger"
}
],
"id": "CVE-2020-12695",
"lastModified": "2024-11-21T05:00:05.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 7.8,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-08T17:15:09.973",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/08/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/corelight/callstranger-detector"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/yunuscadirci/CallStranger"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4494-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://www.callstranger.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4806"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4898"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/339275"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/08/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/corelight/callstranger-detector"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/yunuscadirci/CallStranger"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4494-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.callstranger.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4898"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/339275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-10064
Vulnerability from fkie_nvd - Published: 2020-02-28 15:15 - Updated: 2024-11-21 04:18
Severity ?
Summary
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| w1.fi | hostapd | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53652040-A54B-4134-8A93-8C0446AAF6A2",
"versionEndExcluding": "2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743."
},
{
"lang": "es",
"value": "hostapd versiones anteriores a 2.6, en el modo EAP, hace llamadas hacia las funciones de biblioteca est\u00e1ndar rand() y random() sin ninguna llamada srand() o srandom() precedente, lo que resulta en un uso inapropiado de valores determin\u00edsticos. Esto fue corregido en conjunto con CVE-2016-10743."
}
],
"id": "CVE-2019-10064",
"lastModified": "2024-11-21T04:18:19.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-28T15:15:11.993",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/26"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/27/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/27/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/27/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00010.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/27/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/27/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/27/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-331"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-5061
Vulnerability from fkie_nvd - Published: 2019-12-12 22:15 - Updated: 2024-11-21 04:44
Severity ?
Summary
An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.
References
| Source | URL | Tags |
|---|---|---|
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2019-0849 | Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2019-0849 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5F7411-0B32-4041-8235-2B1AEC186FF0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio explotable en el hostapd versi\u00f3n 2.6, donde un atacante podr\u00eda activar AP para enviar actualizaciones de ubicaci\u00f3n IAPP para las estaciones, antes de que el proceso de autenticaci\u00f3n requerido se complete . Esto podr\u00eda conllevar a diferentes escenarios de denegaci\u00f3n de servicio, ya sea causando ataques a la tabla CAM o conllevando un aleteo de tr\u00e1fico si falsifica clientes existentes en otros Aps cercanos de la misma infraestructura inal\u00e1mbrica. Un atacante puede falsificar paquetes de petici\u00f3n de Autenticaci\u00f3n y Asociaci\u00f3n para activar esta vulnerabilidad."
}
],
"id": "CVE-2019-5061",
"lastModified": "2024-11-21T04:44:16.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "talos-cna@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-12T22:15:11.047",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0849"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0849"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-440"
}
],
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-5062
Vulnerability from fkie_nvd - Published: 2019-12-12 22:15 - Updated: 2024-11-21 04:44
Severity ?
Summary
An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service.
References
| Source | URL | Tags |
|---|---|---|
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2019-0850 | Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2019-0850 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5F7411-0B32-4041-8235-2B1AEC186FF0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio explotable en el manejo del estado de seguridad 802.11w para clientes conectados a hostapd versi\u00f3n 2.6 con sesiones v\u00e1lidas de 802.11w. Simulando una nueva asociaci\u00f3n incompleta, un atacante puede desencadenar una desautenticaci\u00f3n contra estaciones que usan 802.11w, resultando en una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2019-5062",
"lastModified": "2024-11-21T04:44:16.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "talos-cna@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-12T22:15:11.127",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0850"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-440"
}
],
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-16275
Vulnerability from fkie_nvd - Published: 2019-09-12 20:15 - Updated: 2024-11-21 04:30
Severity ?
Summary
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| w1.fi | hostapd | * |
| w1.fi | wpa_supplicant | * |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 19.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4856F28C-C7EC-459C-9357-35E635781A9A",
"versionEndIncluding": "2.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71C32B8A-16F6-473D-AF69-EDDEE78C5A3A",
"versionEndIncluding": "2.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range."
},
{
"lang": "es",
"value": "hostapd versiones anteriores a 2.10 y wpa_supplicant versiones anteriores a 2.10, permiten una indicaci\u00f3n incorrecta de desconexi\u00f3n en ciertas situaciones porque la comprobaci\u00f3n de la direcci\u00f3n de origen es manejada inapropiadamente. Esta es una denegaci\u00f3n de servicio que debi\u00f3 haber sido evitada mediante PMF (tambi\u00e9n se conoce como protecci\u00f3n de la trama de administraci\u00f3n). El atacante requiere enviar una trama 802.11 dise\u00f1ada desde una ubicaci\u00f3n que este dentro del rango de comunicaciones de 802.11."
}
],
"id": "CVE-2019-16275",
"lastModified": "2024-11-21T04:30:26.003",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-12T20:15:11.773",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Mitigation",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/12/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36G4XAZ644DMHBLKOL4FDSPZVIGNQY6U/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7NCLOPTZNRRNYODH22BFIDH6YIQWLJD/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FEGITWRTIWABW54ANEPCEF4ARZLXGSK5/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY6STGJIIROVNIU6VMB2WTN2Q5M65WF4/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBJXUKV6XMSELWNXPS37CSUIH5EUHFXQ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Sep/56"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4136-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4136-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://w1.fi/security/2019-7/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4538"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2019/09/11/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Mitigation",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/12/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36G4XAZ644DMHBLKOL4FDSPZVIGNQY6U/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7NCLOPTZNRRNYODH22BFIDH6YIQWLJD/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FEGITWRTIWABW54ANEPCEF4ARZLXGSK5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY6STGJIIROVNIU6VMB2WTN2Q5M65WF4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBJXUKV6XMSELWNXPS37CSUIH5EUHFXQ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Sep/56"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4136-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4136-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://w1.fi/security/2019-7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4538"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2019/09/11/7"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-24912 (GCVE-0-2025-24912)
Vulnerability from cvelistv5 – Published: 2025-03-12 04:43 – Updated: 2025-03-12 13:21
Summary
hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail.
Severity ?
CWE
- CWE-826 - Premature Release of Resource During Expected Lifetime
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Jouni Malinen | hostapd | Affected: 2.11 and earlier |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24912",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T13:21:52.296145Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T13:21:59.254Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "hostapd",
"vendor": "Jouni Malinen",
"versions": [
{
"status": "affected",
"version": "2.11 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-826",
"description": "Premature Release of Resource During Expected Lifetime",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T04:43:54.870Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://w1.fi/hostapd/"
},
{
"url": "https://w1.fi/cgit/hostap/commit/?id=726432d7622cc0088ac353d073b59628b590ea44"
},
{
"url": "https://w1.fi/cgit/hostap/commit/?id=339a334551ca911187cc870f4f97ef08e11db109"
},
{
"url": "https://jvn.jp/en/jp/JVN19358384/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-24912",
"datePublished": "2025-03-12T04:43:54.870Z",
"dateReserved": "2025-01-28T07:05:59.180Z",
"dateUpdated": "2025-03-12T13:21:59.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37660 (GCVE-0-2022-37660)
Vulnerability from cvelistv5 – Published: 2025-02-11 00:00 – Updated: 2025-11-03 19:27
Summary
In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passively observing public keys, re-using the encrypting element Qi and subtracting it from the captured message M (X = M - Qi). This will result in the public ephemeral key X; the only element required to subvert the PKEX association.
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-37660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T14:18:13.521966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-323",
"description": "CWE-323 Reusing a Nonce, Key Pair in Encryption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T14:18:19.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:27:21.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passively observing public keys, re-using the encrypting element Qi and subtracting it from the captured message M (X = M - Qi). This will result in the public ephemeral key X; the only element required to subvert the PKEX association."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T22:25:35.931Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://w1.fi/cgit/hostap/commit/?id=15af83cf1846870873a011ed4d714732f01cd2e4"
},
{
"url": "https://link.springer.com/article/10.1007/s10207-025-00988-3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37660",
"datePublished": "2025-02-11T00:00:00.000Z",
"dateReserved": "2022-08-08T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:27:21.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-23304 (GCVE-0-2022-23304)
Vulnerability from cvelistv5 – Published: 2022-01-17 00:00 – Updated: 2025-11-03 19:26
VLAI?
Summary
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:26:48.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://w1.fi/security/2022-1/"
},
{
"name": "FEDORA-2022-da8222a1bc",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL/"
},
{
"name": "GLSA-202309-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-16"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-30T10:06:20.892Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://w1.fi/security/2022-1/"
},
{
"name": "FEDORA-2022-da8222a1bc",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL/"
},
{
"name": "GLSA-202309-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202309-16"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23304",
"datePublished": "2022-01-17T00:00:00.000Z",
"dateReserved": "2022-01-17T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:26:48.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-23303 (GCVE-0-2022-23303)
Vulnerability from cvelistv5 – Published: 2022-01-17 00:00 – Updated: 2025-11-03 19:26
VLAI?
Summary
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:26:46.732Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://w1.fi/security/2022-1/"
},
{
"name": "FEDORA-2022-da8222a1bc",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL/"
},
{
"name": "GLSA-202309-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-16"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-30T10:06:19.467Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://w1.fi/security/2022-1/"
},
{
"name": "FEDORA-2022-da8222a1bc",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL/"
},
{
"name": "GLSA-202309-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202309-16"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23303",
"datePublished": "2022-01-17T00:00:00.000Z",
"dateReserved": "2022-01-17T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:26:46.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-30004 (GCVE-0-2021-30004)
Vulnerability from cvelistv5 – Published: 2021-04-02 00:00 – Updated: 2024-08-03 22:24
Summary
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:59.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15"
},
{
"name": "GLSA-202309-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-30T10:06:17.989585",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15"
},
{
"name": "GLSA-202309-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202309-16"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-30004",
"datePublished": "2021-04-02T00:00:00",
"dateReserved": "2021-04-02T00:00:00",
"dateUpdated": "2024-08-03T22:24:59.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12695 (GCVE-0-2020-12695)
Vulnerability from cvelistv5 – Published: 2020-06-08 16:45 – Updated: 2024-08-04 12:04
VLAI?
Summary
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:22.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.callstranger.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/339275"
},
{
"name": "[oss-security] 20200608 hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/08/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yunuscadirci/CallStranger"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/corelight/callstranger-detector"
},
{
"name": "FEDORA-2020-df3e1cfde9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/"
},
{
"name": "FEDORA-2020-1f7fc0d0c9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/"
},
{
"name": "FEDORA-2020-e538e3e526",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/"
},
{
"name": "[debian-lts-announce] 20200806 [SECURITY] [DLA 2315-1] gupnp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
},
{
"name": "USN-4494-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4494-1/"
},
{
"name": "DSA-4806",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4806"
},
{
"name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2489-1] minidlna security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"
},
{
"name": "DSA-4898",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4898"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T23:06:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.callstranger.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kb.cert.org/vuls/id/339275"
},
{
"name": "[oss-security] 20200608 hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/08/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yunuscadirci/CallStranger"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/corelight/callstranger-detector"
},
{
"name": "FEDORA-2020-df3e1cfde9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/"
},
{
"name": "FEDORA-2020-1f7fc0d0c9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/"
},
{
"name": "FEDORA-2020-e538e3e526",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/"
},
{
"name": "[debian-lts-announce] 20200806 [SECURITY] [DLA 2315-1] gupnp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
},
{
"name": "USN-4494-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4494-1/"
},
{
"name": "DSA-4806",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4806"
},
{
"name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2489-1] minidlna security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"
},
{
"name": "DSA-4898",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4898"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.callstranger.com",
"refsource": "MISC",
"url": "https://www.callstranger.com"
},
{
"name": "https://www.kb.cert.org/vuls/id/339275",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/339275"
},
{
"name": "[oss-security] 20200608 hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/06/08/2"
},
{
"name": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of",
"refsource": "MISC",
"url": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"
},
{
"name": "https://github.com/yunuscadirci/CallStranger",
"refsource": "MISC",
"url": "https://github.com/yunuscadirci/CallStranger"
},
{
"name": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html"
},
{
"name": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/",
"refsource": "MISC",
"url": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"
},
{
"name": "https://github.com/corelight/callstranger-detector",
"refsource": "MISC",
"url": "https://github.com/corelight/callstranger-detector"
},
{
"name": "FEDORA-2020-df3e1cfde9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/"
},
{
"name": "FEDORA-2020-1f7fc0d0c9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/"
},
{
"name": "FEDORA-2020-e538e3e526",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/"
},
{
"name": "[debian-lts-announce] 20200806 [SECURITY] [DLA 2315-1] gupnp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
},
{
"name": "USN-4494-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4494-1/"
},
{
"name": "DSA-4806",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4806"
},
{
"name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2489-1] minidlna security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"
},
{
"name": "DSA-4898",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4898"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12695",
"datePublished": "2020-06-08T16:45:04",
"dateReserved": "2020-05-07T00:00:00",
"dateUpdated": "2024-08-04T12:04:22.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10064 (GCVE-0-2019-10064)
Vulnerability from cvelistv5 – Published: 2020-02-28 14:07 – Updated: 2024-08-04 22:10
Summary
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389"
},
{
"name": "[oss-security] 20200227 Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/27/1"
},
{
"name": "[oss-security] 20200227 Re: Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/27/2"
},
{
"name": "20200227 Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/27/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html"
},
{
"name": "[debian-lts-announce] 20200311 [SECURITY] [DLA 2138-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00010.html"
},
{
"name": "[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-08T22:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389"
},
{
"name": "[oss-security] 20200227 Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/27/1"
},
{
"name": "[oss-security] 20200227 Re: Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/27/2"
},
{
"name": "20200227 Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/27/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html"
},
{
"name": "[debian-lts-announce] 20200311 [SECURITY] [DLA 2138-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00010.html"
},
{
"name": "[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389",
"refsource": "MISC",
"url": "https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389"
},
{
"name": "[oss-security] 20200227 Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/02/27/1"
},
{
"name": "[oss-security] 20200227 Re: Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/02/27/2"
},
{
"name": "20200227 Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Feb/26"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/02/27/1",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2020/02/27/1"
},
{
"name": "http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html"
},
{
"name": "[debian-lts-announce] 20200311 [SECURITY] [DLA 2138-1] wpa security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00010.html"
},
{
"name": "[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10064",
"datePublished": "2020-02-28T14:07:14",
"dateReserved": "2019-03-26T00:00:00",
"dateUpdated": "2024-08-04T22:10:09.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5062 (GCVE-0-2019-5062)
Vulnerability from cvelistv5 – Published: 2019-12-12 21:36 – Updated: 2024-08-04 19:47
Summary
An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service.
Severity ?
7.4 (High)
CWE
- CWE-440 - Expected Behavior Violation
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:55.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0850"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "W1.f1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "hostapd version 2.6 on a Raspberry Pi."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-440",
"description": "CWE-440: Expected Behavior Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:33:39",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0850"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2019-5062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "W1.f1",
"version": {
"version_data": [
{
"version_value": "hostapd version 2.6 on a Raspberry Pi."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.4,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-440: Expected Behavior Violation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0850",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0850"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2019-5062",
"datePublished": "2019-12-12T21:36:54",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:55.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5061 (GCVE-0-2019-5061)
Vulnerability from cvelistv5 – Published: 2019-12-12 21:36 – Updated: 2024-08-04 19:47
Summary
An exploitable denial-of-service vulnerability exists in hostapd 2.6, where an attacker could trigger the AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.
Severity ?
7.4 (High)
CWE
- CWE-440 - Expected Behavior Violation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:55.757Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0849"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "W1.f1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "hostapd version 2.6 Ubiquiti AP-AC-Pro firmware 4.0.10.9653"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-440",
"description": "CWE-440: Expected Behavior Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:33:38",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0849"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2019-5061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "W1.f1",
"version": {
"version_data": [
{
"version_value": "hostapd version 2.6 Ubiquiti AP-AC-Pro firmware 4.0.10.9653"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.4,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-440: Expected Behavior Violation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0849",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0849"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2019-5061",
"datePublished": "2019-12-12T21:36:45",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:55.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16275 (GCVE-0-2019-16275)
Vulnerability from cvelistv5 – Published: 2019-09-12 19:07 – Updated: 2024-08-05 01:10
Summary
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:10:41.709Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2019/09/11/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://w1.fi/security/2019-7/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt"
},
{
"name": "[oss-security] 20190912 Re: hostapd/wpa_supplicant: AP mode PMF disconnection protection bypass",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/12/6"
},
{
"name": "[debian-lts-announce] 20190916 [SECURITY] [DLA 1922-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html"
},
{
"name": "USN-4136-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4136-1/"
},
{
"name": "USN-4136-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4136-2/"
},
{
"name": "DSA-4538",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4538"
},
{
"name": "20190929 [SECURITY] [DSA 4538-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/56"
},
{
"name": "FEDORA-2019-0e0b28001d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36G4XAZ644DMHBLKOL4FDSPZVIGNQY6U/"
},
{
"name": "FEDORA-2019-740834c559",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FEGITWRTIWABW54ANEPCEF4ARZLXGSK5/"
},
{
"name": "FEDORA-2019-2265b5ae86",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBJXUKV6XMSELWNXPS37CSUIH5EUHFXQ/"
},
{
"name": "FEDORA-2019-65509aac53",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7NCLOPTZNRRNYODH22BFIDH6YIQWLJD/"
},
{
"name": "FEDORA-2019-2bdcccee3c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY6STGJIIROVNIU6VMB2WTN2Q5M65WF4/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-17T18:07:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2019/09/11/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://w1.fi/security/2019-7/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt"
},
{
"name": "[oss-security] 20190912 Re: hostapd/wpa_supplicant: AP mode PMF disconnection protection bypass",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/12/6"
},
{
"name": "[debian-lts-announce] 20190916 [SECURITY] [DLA 1922-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html"
},
{
"name": "USN-4136-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4136-1/"
},
{
"name": "USN-4136-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4136-2/"
},
{
"name": "DSA-4538",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4538"
},
{
"name": "20190929 [SECURITY] [DSA 4538-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/56"
},
{
"name": "FEDORA-2019-0e0b28001d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36G4XAZ644DMHBLKOL4FDSPZVIGNQY6U/"
},
{
"name": "FEDORA-2019-740834c559",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FEGITWRTIWABW54ANEPCEF4ARZLXGSK5/"
},
{
"name": "FEDORA-2019-2265b5ae86",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBJXUKV6XMSELWNXPS37CSUIH5EUHFXQ/"
},
{
"name": "FEDORA-2019-65509aac53",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7NCLOPTZNRRNYODH22BFIDH6YIQWLJD/"
},
{
"name": "FEDORA-2019-2bdcccee3c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY6STGJIIROVNIU6VMB2WTN2Q5M65WF4/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2019/09/11/7",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2019/09/11/7"
},
{
"name": "https://w1.fi/security/2019-7/",
"refsource": "MISC",
"url": "https://w1.fi/security/2019-7/"
},
{
"name": "https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt",
"refsource": "MISC",
"url": "https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt"
},
{
"name": "[oss-security] 20190912 Re: hostapd/wpa_supplicant: AP mode PMF disconnection protection bypass",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/09/12/6"
},
{
"name": "[debian-lts-announce] 20190916 [SECURITY] [DLA 1922-1] wpa security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html"
},
{
"name": "USN-4136-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4136-1/"
},
{
"name": "USN-4136-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4136-2/"
},
{
"name": "DSA-4538",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4538"
},
{
"name": "20190929 [SECURITY] [DSA 4538-1] wpa security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/56"
},
{
"name": "FEDORA-2019-0e0b28001d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36G4XAZ644DMHBLKOL4FDSPZVIGNQY6U/"
},
{
"name": "FEDORA-2019-740834c559",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEGITWRTIWABW54ANEPCEF4ARZLXGSK5/"
},
{
"name": "FEDORA-2019-2265b5ae86",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBJXUKV6XMSELWNXPS37CSUIH5EUHFXQ/"
},
{
"name": "FEDORA-2019-65509aac53",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B7NCLOPTZNRRNYODH22BFIDH6YIQWLJD/"
},
{
"name": "FEDORA-2019-2bdcccee3c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HY6STGJIIROVNIU6VMB2WTN2Q5M65WF4/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16275",
"datePublished": "2019-09-12T19:07:09",
"dateReserved": "2019-09-12T00:00:00",
"dateUpdated": "2024-08-05T01:10:41.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24912 (GCVE-0-2025-24912)
Vulnerability from nvd – Published: 2025-03-12 04:43 – Updated: 2025-03-12 13:21
Summary
hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail.
Severity ?
CWE
- CWE-826 - Premature Release of Resource During Expected Lifetime
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Jouni Malinen | hostapd | Affected: 2.11 and earlier |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24912",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T13:21:52.296145Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T13:21:59.254Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "hostapd",
"vendor": "Jouni Malinen",
"versions": [
{
"status": "affected",
"version": "2.11 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-826",
"description": "Premature Release of Resource During Expected Lifetime",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T04:43:54.870Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://w1.fi/hostapd/"
},
{
"url": "https://w1.fi/cgit/hostap/commit/?id=726432d7622cc0088ac353d073b59628b590ea44"
},
{
"url": "https://w1.fi/cgit/hostap/commit/?id=339a334551ca911187cc870f4f97ef08e11db109"
},
{
"url": "https://jvn.jp/en/jp/JVN19358384/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-24912",
"datePublished": "2025-03-12T04:43:54.870Z",
"dateReserved": "2025-01-28T07:05:59.180Z",
"dateUpdated": "2025-03-12T13:21:59.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37660 (GCVE-0-2022-37660)
Vulnerability from nvd – Published: 2025-02-11 00:00 – Updated: 2025-11-03 19:27
Summary
In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passively observing public keys, re-using the encrypting element Qi and subtracting it from the captured message M (X = M - Qi). This will result in the public ephemeral key X; the only element required to subvert the PKEX association.
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-37660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T14:18:13.521966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-323",
"description": "CWE-323 Reusing a Nonce, Key Pair in Encryption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T14:18:19.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:27:21.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passively observing public keys, re-using the encrypting element Qi and subtracting it from the captured message M (X = M - Qi). This will result in the public ephemeral key X; the only element required to subvert the PKEX association."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T22:25:35.931Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://w1.fi/cgit/hostap/commit/?id=15af83cf1846870873a011ed4d714732f01cd2e4"
},
{
"url": "https://link.springer.com/article/10.1007/s10207-025-00988-3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37660",
"datePublished": "2025-02-11T00:00:00.000Z",
"dateReserved": "2022-08-08T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:27:21.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-23304 (GCVE-0-2022-23304)
Vulnerability from nvd – Published: 2022-01-17 00:00 – Updated: 2025-11-03 19:26
Summary
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:26:48.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://w1.fi/security/2022-1/"
},
{
"name": "FEDORA-2022-da8222a1bc",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL/"
},
{
"name": "GLSA-202309-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-16"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-30T10:06:20.892Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://w1.fi/security/2022-1/"
},
{
"name": "FEDORA-2022-da8222a1bc",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL/"
},
{
"name": "GLSA-202309-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202309-16"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23304",
"datePublished": "2022-01-17T00:00:00.000Z",
"dateReserved": "2022-01-17T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:26:48.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-23303 (GCVE-0-2022-23303)
Vulnerability from nvd – Published: 2022-01-17 00:00 – Updated: 2025-11-03 19:26
Summary
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:26:46.732Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://w1.fi/security/2022-1/"
},
{
"name": "FEDORA-2022-da8222a1bc",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL/"
},
{
"name": "GLSA-202309-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-16"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-30T10:06:19.467Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://w1.fi/security/2022-1/"
},
{
"name": "FEDORA-2022-da8222a1bc",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL/"
},
{
"name": "GLSA-202309-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202309-16"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23303",
"datePublished": "2022-01-17T00:00:00.000Z",
"dateReserved": "2022-01-17T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:26:46.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-30004 (GCVE-0-2021-30004)
Vulnerability from nvd – Published: 2021-04-02 00:00 – Updated: 2024-08-03 22:24
Summary
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:59.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15"
},
{
"name": "GLSA-202309-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-30T10:06:17.989585",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15"
},
{
"name": "GLSA-202309-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202309-16"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-30004",
"datePublished": "2021-04-02T00:00:00",
"dateReserved": "2021-04-02T00:00:00",
"dateUpdated": "2024-08-03T22:24:59.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12695 (GCVE-0-2020-12695)
Vulnerability from nvd – Published: 2020-06-08 16:45 – Updated: 2024-08-04 12:04
Summary
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:22.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.callstranger.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/339275"
},
{
"name": "[oss-security] 20200608 hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/08/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yunuscadirci/CallStranger"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/corelight/callstranger-detector"
},
{
"name": "FEDORA-2020-df3e1cfde9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/"
},
{
"name": "FEDORA-2020-1f7fc0d0c9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/"
},
{
"name": "FEDORA-2020-e538e3e526",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/"
},
{
"name": "[debian-lts-announce] 20200806 [SECURITY] [DLA 2315-1] gupnp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
},
{
"name": "USN-4494-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4494-1/"
},
{
"name": "DSA-4806",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4806"
},
{
"name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2489-1] minidlna security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"
},
{
"name": "DSA-4898",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4898"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T23:06:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.callstranger.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kb.cert.org/vuls/id/339275"
},
{
"name": "[oss-security] 20200608 hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/08/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yunuscadirci/CallStranger"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/corelight/callstranger-detector"
},
{
"name": "FEDORA-2020-df3e1cfde9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/"
},
{
"name": "FEDORA-2020-1f7fc0d0c9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/"
},
{
"name": "FEDORA-2020-e538e3e526",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/"
},
{
"name": "[debian-lts-announce] 20200806 [SECURITY] [DLA 2315-1] gupnp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
},
{
"name": "USN-4494-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4494-1/"
},
{
"name": "DSA-4806",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4806"
},
{
"name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2489-1] minidlna security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"
},
{
"name": "DSA-4898",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4898"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.callstranger.com",
"refsource": "MISC",
"url": "https://www.callstranger.com"
},
{
"name": "https://www.kb.cert.org/vuls/id/339275",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/339275"
},
{
"name": "[oss-security] 20200608 hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/06/08/2"
},
{
"name": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of",
"refsource": "MISC",
"url": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"
},
{
"name": "https://github.com/yunuscadirci/CallStranger",
"refsource": "MISC",
"url": "https://github.com/yunuscadirci/CallStranger"
},
{
"name": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html"
},
{
"name": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/",
"refsource": "MISC",
"url": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"
},
{
"name": "https://github.com/corelight/callstranger-detector",
"refsource": "MISC",
"url": "https://github.com/corelight/callstranger-detector"
},
{
"name": "FEDORA-2020-df3e1cfde9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/"
},
{
"name": "FEDORA-2020-1f7fc0d0c9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/"
},
{
"name": "FEDORA-2020-e538e3e526",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/"
},
{
"name": "[debian-lts-announce] 20200806 [SECURITY] [DLA 2315-1] gupnp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
},
{
"name": "USN-4494-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4494-1/"
},
{
"name": "DSA-4806",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4806"
},
{
"name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2489-1] minidlna security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"
},
{
"name": "DSA-4898",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4898"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12695",
"datePublished": "2020-06-08T16:45:04",
"dateReserved": "2020-05-07T00:00:00",
"dateUpdated": "2024-08-04T12:04:22.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10064 (GCVE-0-2019-10064)
Vulnerability from nvd – Published: 2020-02-28 14:07 – Updated: 2024-08-04 22:10
Summary
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389"
},
{
"name": "[oss-security] 20200227 Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/27/1"
},
{
"name": "[oss-security] 20200227 Re: Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/27/2"
},
{
"name": "20200227 Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/27/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html"
},
{
"name": "[debian-lts-announce] 20200311 [SECURITY] [DLA 2138-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00010.html"
},
{
"name": "[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-08T22:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389"
},
{
"name": "[oss-security] 20200227 Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/27/1"
},
{
"name": "[oss-security] 20200227 Re: Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/27/2"
},
{
"name": "20200227 Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/27/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html"
},
{
"name": "[debian-lts-announce] 20200311 [SECURITY] [DLA 2138-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00010.html"
},
{
"name": "[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389",
"refsource": "MISC",
"url": "https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389"
},
{
"name": "[oss-security] 20200227 Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/02/27/1"
},
{
"name": "[oss-security] 20200227 Re: Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/02/27/2"
},
{
"name": "20200227 Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Feb/26"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/02/27/1",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2020/02/27/1"
},
{
"name": "http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html"
},
{
"name": "[debian-lts-announce] 20200311 [SECURITY] [DLA 2138-1] wpa security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00010.html"
},
{
"name": "[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10064",
"datePublished": "2020-02-28T14:07:14",
"dateReserved": "2019-03-26T00:00:00",
"dateUpdated": "2024-08-04T22:10:09.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5062 (GCVE-0-2019-5062)
Vulnerability from nvd – Published: 2019-12-12 21:36 – Updated: 2024-08-04 19:47
Summary
An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service.
Severity
7.4 (High)
CWE
- CWE-440 - Expected Behavior Violation
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:55.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0850"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "W1.f1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "hostapd version 2.6 on a Raspberry Pi."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-440",
"description": "CWE-440: Expected Behavior Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:33:39",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0850"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2019-5062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "W1.f1",
"version": {
"version_data": [
{
"version_value": "hostapd version 2.6 on a Raspberry Pi."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.4,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-440: Expected Behavior Violation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0850",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0850"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2019-5062",
"datePublished": "2019-12-12T21:36:54",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:55.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5061 (GCVE-0-2019-5061)
Vulnerability from nvd – Published: 2019-12-12 21:36 – Updated: 2024-08-04 19:47
Summary
An exploitable denial-of-service vulnerability exists in hostapd 2.6, where an attacker could trigger the AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.
Severity
7.4 (High)
CWE
- CWE-440 - Expected Behavior Violation
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:55.757Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0849"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "W1.f1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "hostapd version 2.6 Ubiquiti AP-AC-Pro firmware 4.0.10.9653"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-440",
"description": "CWE-440: Expected Behavior Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:33:38",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0849"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2019-5061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "W1.f1",
"version": {
"version_data": [
{
"version_value": "hostapd version 2.6 Ubiquiti AP-AC-Pro firmware 4.0.10.9653"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.4,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-440: Expected Behavior Violation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0849",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0849"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2019-5061",
"datePublished": "2019-12-12T21:36:45",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:55.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16275 (GCVE-0-2019-16275)
Vulnerability from nvd – Published: 2019-09-12 19:07 – Updated: 2024-08-05 01:10
Summary
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:10:41.709Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2019/09/11/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://w1.fi/security/2019-7/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt"
},
{
"name": "[oss-security] 20190912 Re: hostapd/wpa_supplicant: AP mode PMF disconnection protection bypass",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/12/6"
},
{
"name": "[debian-lts-announce] 20190916 [SECURITY] [DLA 1922-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html"
},
{
"name": "USN-4136-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4136-1/"
},
{
"name": "USN-4136-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4136-2/"
},
{
"name": "DSA-4538",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4538"
},
{
"name": "20190929 [SECURITY] [DSA 4538-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/56"
},
{
"name": "FEDORA-2019-0e0b28001d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36G4XAZ644DMHBLKOL4FDSPZVIGNQY6U/"
},
{
"name": "FEDORA-2019-740834c559",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FEGITWRTIWABW54ANEPCEF4ARZLXGSK5/"
},
{
"name": "FEDORA-2019-2265b5ae86",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBJXUKV6XMSELWNXPS37CSUIH5EUHFXQ/"
},
{
"name": "FEDORA-2019-65509aac53",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7NCLOPTZNRRNYODH22BFIDH6YIQWLJD/"
},
{
"name": "FEDORA-2019-2bdcccee3c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY6STGJIIROVNIU6VMB2WTN2Q5M65WF4/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-17T18:07:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2019/09/11/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://w1.fi/security/2019-7/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt"
},
{
"name": "[oss-security] 20190912 Re: hostapd/wpa_supplicant: AP mode PMF disconnection protection bypass",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/12/6"
},
{
"name": "[debian-lts-announce] 20190916 [SECURITY] [DLA 1922-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html"
},
{
"name": "USN-4136-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4136-1/"
},
{
"name": "USN-4136-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4136-2/"
},
{
"name": "DSA-4538",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4538"
},
{
"name": "20190929 [SECURITY] [DSA 4538-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/56"
},
{
"name": "FEDORA-2019-0e0b28001d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36G4XAZ644DMHBLKOL4FDSPZVIGNQY6U/"
},
{
"name": "FEDORA-2019-740834c559",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FEGITWRTIWABW54ANEPCEF4ARZLXGSK5/"
},
{
"name": "FEDORA-2019-2265b5ae86",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBJXUKV6XMSELWNXPS37CSUIH5EUHFXQ/"
},
{
"name": "FEDORA-2019-65509aac53",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7NCLOPTZNRRNYODH22BFIDH6YIQWLJD/"
},
{
"name": "FEDORA-2019-2bdcccee3c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY6STGJIIROVNIU6VMB2WTN2Q5M65WF4/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2019/09/11/7",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2019/09/11/7"
},
{
"name": "https://w1.fi/security/2019-7/",
"refsource": "MISC",
"url": "https://w1.fi/security/2019-7/"
},
{
"name": "https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt",
"refsource": "MISC",
"url": "https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt"
},
{
"name": "[oss-security] 20190912 Re: hostapd/wpa_supplicant: AP mode PMF disconnection protection bypass",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/09/12/6"
},
{
"name": "[debian-lts-announce] 20190916 [SECURITY] [DLA 1922-1] wpa security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html"
},
{
"name": "USN-4136-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4136-1/"
},
{
"name": "USN-4136-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4136-2/"
},
{
"name": "DSA-4538",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4538"
},
{
"name": "20190929 [SECURITY] [DSA 4538-1] wpa security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/56"
},
{
"name": "FEDORA-2019-0e0b28001d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36G4XAZ644DMHBLKOL4FDSPZVIGNQY6U/"
},
{
"name": "FEDORA-2019-740834c559",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEGITWRTIWABW54ANEPCEF4ARZLXGSK5/"
},
{
"name": "FEDORA-2019-2265b5ae86",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBJXUKV6XMSELWNXPS37CSUIH5EUHFXQ/"
},
{
"name": "FEDORA-2019-65509aac53",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B7NCLOPTZNRRNYODH22BFIDH6YIQWLJD/"
},
{
"name": "FEDORA-2019-2bdcccee3c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HY6STGJIIROVNIU6VMB2WTN2Q5M65WF4/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16275",
"datePublished": "2019-09-12T19:07:09",
"dateReserved": "2019-09-12T00:00:00",
"dateUpdated": "2024-08-05T01:10:41.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}