Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

21 – 30 of 57 results


CVE-2019-9498

Medium priority
Fixed

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able...

2 affected packages

wpa, wpasupplicant

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa Fixed Fixed
wpasupplicant Not in release Not in release
Show less packages

CVE-2019-9497

Medium priority
Fixed

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without...

2 affected packages

wpa, wpasupplicant

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa Fixed Fixed
wpasupplicant Not in release Not in release
Show less packages

CVE-2019-9496

Medium priority
Not affected

An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are...

2 affected packages

wpa, wpasupplicant

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa Not affected Not affected
wpasupplicant Not in release Not in release
Show less packages

CVE-2019-9495

Medium priority
Fixed

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability...

2 affected packages

wpa, wpasupplicant

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa Fixed Fixed
wpasupplicant Not in release Not in release
Show less packages

CVE-2019-9494

Medium priority
Not affected

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side...

2 affected packages

wpa, wpasupplicant

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa Not affected Not affected
wpasupplicant Not in release Not in release
Show less packages

CVE-2016-10743

Low priority
Fixed

hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.

1 affected packages

wpa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa Not affected Fixed
Show less packages

CVE-2018-14526

Medium priority
Fixed

An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access...

1 affected packages

wpa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa Fixed Fixed
Show less packages

CVE-2017-13084

High priority
Not affected

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

1 affected packages

wpa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa Not affected
Show less packages

CVE-2017-13088

High priority
Fixed

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within...

1 affected packages

wpa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa Fixed
Show less packages

CVE-2017-13087

High priority
Fixed

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio...

1 affected packages

wpa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa Fixed
Show less packages