Vulnerabilities > W1 FI > WPA Supplicant > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-07 | CVE-2024-5290 | Uncontrolled Search Path Element vulnerability in W1.Fi WPA Supplicant An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist. | 7.8 |
| 2021-02-26 | CVE-2021-27803 | A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. | 7.5 |
| 2019-04-17 | CVE-2019-9499 | Improper Authentication vulnerability in multiple products The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. | 8.1 |
| 2019-04-17 | CVE-2019-9498 | Improper Authentication vulnerability in multiple products The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. | 8.1 |
| 2019-04-17 | CVE-2019-9497 | Improper Authentication vulnerability in multiple products The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. | 8.1 |
| 2019-04-17 | CVE-2019-9496 | Improper Authentication vulnerability in multiple products An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. | 7.5 |
| 2017-10-17 | CVE-2017-13082 | Use of Insufficiently Random Values vulnerability in multiple products Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. | 8.1 |
| 2016-05-09 | CVE-2016-4476 | Improper Input Validation vulnerability in multiple products hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation. | 7.5 |