0.6.7

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-17	CVE-2019-9495	Information Exposure Through Discrepancy vulnerability in multiple products The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. network high complexity w1-fi fedoraproject opensuse debian synology freebsd CWE-203	3.7
2019-04-17	CVE-2019-9494	Information Exposure Through Discrepancy vulnerability in multiple products The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. network high complexity w1-fi fedoraproject opensuse synology freebsd CWE-203	5.9
2019-03-23	CVE-2016-10743	Insufficient Entropy in PRNG vulnerability in W1.Fi Hostapd hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call. network low complexity w1-fi CWE-332	7.5
2016-05-09	CVE-2016-4476	Improper Input Validation vulnerability in multiple products hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation. network low complexity w1-fi canonical CWE-20	7.5