0.3.0

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-17	CVE-2022-23303	Information Exposure Through Discrepancy vulnerability in multiple products The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. network low complexity w1-fi fedoraproject CWE-203 critical	9.8
2022-01-17	CVE-2022-23304	Information Exposure Through Discrepancy vulnerability in multiple products The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. network low complexity w1-fi fedoraproject CWE-203 critical	9.8
2020-06-08	CVE-2020-12695	Incorrect Default Permissions vulnerability in multiple products The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. network high complexity ui w1-fi asus broadcom canon cisco dlink dell epson hp huawei nec netgear ruckussecurity tp-link zte zyxel microsoft fedoraproject debian canonical CWE-276	7.5
2020-02-28	CVE-2019-10064	Insufficient Entropy vulnerability in multiple products hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. network low complexity w1-fi debian CWE-331	7.5
2019-09-12	CVE-2019-16275	Origin Validation Error vulnerability in multiple products hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. low complexity w1-fi debian canonical CWE-346	6.5
2019-04-26	CVE-2019-11555	NULL Pointer Dereference vulnerability in W1.Fi Hostapd and WPA Supplicant The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. network high complexity w1-fi CWE-476	5.9
2019-04-17	CVE-2019-9499	Improper Authentication vulnerability in multiple products The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. network high complexity w1-fi fedoraproject opensuse debian synology freebsd CWE-287	8.1
2019-04-17	CVE-2019-9498	Improper Authentication vulnerability in multiple products The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. network high complexity w1-fi fedoraproject opensuse debian synology freebsd CWE-287	8.1
2019-04-17	CVE-2019-9497	Improper Authentication vulnerability in multiple products The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. network high complexity w1-fi fedoraproject CWE-287	8.1
2019-04-17	CVE-2019-9496	Improper Authentication vulnerability in multiple products An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. network low complexity w1-fi fedoraproject CWE-287	7.5