| Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-9495 | 4.3 |
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execu
|
03-11-2021 - 19:53 | 17-04-2019 - 14:29 | |
| CVE-2019-9499 | 6.8 |
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication,
|
22-10-2020 - 17:15 | 17-04-2019 - 14:29 | |
| CVE-2019-9498 | 6.8 |
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar
|
22-10-2020 - 17:15 | 17-04-2019 - 14:29 | |
| CVE-2019-11555 | 4.3 |
The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process t
|
07-06-2019 - 03:29 | 26-04-2019 - 22:29 | |
| CVE-2019-9497 | 6.8 |
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password
|
15-05-2019 - 22:29 | 17-04-2019 - 14:29 |