Vulnerabilities > W1 FI > Hostapd > 0.6.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-17 | CVE-2019-9495 | Information Exposure Through Discrepancy vulnerability in multiple products The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. | 3.7 |
2019-04-17 | CVE-2019-9494 | Information Exposure Through Discrepancy vulnerability in multiple products The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. | 5.9 |
2019-03-23 | CVE-2016-10743 | Insufficient Entropy in PRNG vulnerability in W1.Fi Hostapd hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call. | 5.0 |
2015-11-09 | CVE-2015-8041 | Numeric Errors vulnerability in multiple products Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read. | 5.0 |