Vulnerabilities > W1 FI > Hostapd > 2.9

DATE CVE VULNERABILITY TITLE RISK
2022-01-17 CVE-2022-23303 Information Exposure Through Discrepancy vulnerability in multiple products
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns.
network
low complexity
w1-fi fedoraproject CWE-203
critical
 9.8
9.8
2022-01-17 CVE-2022-23304 Information Exposure Through Discrepancy vulnerability in multiple products
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns.
network
low complexity
w1-fi fedoraproject CWE-203
critical
 9.8
9.8
2021-04-02 CVE-2021-30004 Improper Input Validation vulnerability in W1.Fi Hostapd and WPA Supplicant
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
network
low complexity
w1-fi CWE-20
5.3
5.3
2019-09-12 CVE-2019-16275 Origin Validation Error vulnerability in multiple products
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled.
low complexity
w1-fi debian canonical CWE-346
6.5
6.5