Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2015-4142 | 4.3 |
Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which
|
17-05-2022 - 07:15 | 15-06-2015 - 15:59 | |
CVE-2015-4146 | 5.0 |
The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) v
|
30-10-2018 - 16:27 | 15-06-2015 - 15:59 | |
CVE-2015-4141 | 4.3 |
The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-boun
|
30-10-2018 - 16:27 | 15-06-2015 - 15:59 | |
CVE-2015-4144 | 5.0 |
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a craft
|
30-10-2018 - 16:27 | 15-06-2015 - 15:59 | |
CVE-2015-4143 | 5.0 |
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.
|
30-10-2018 - 16:27 | 15-06-2015 - 15:59 | |
CVE-2015-4145 | 5.0 |
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message.
|
30-10-2018 - 16:27 | 15-06-2015 - 15:59 | |
CVE-2015-1863 | 5.8 |
Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2
|
30-10-2018 - 16:27 | 28-04-2015 - 14:59 | |
CVE-2014-3686 | 6.8 |
wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.
|
27-07-2016 - 01:59 | 16-10-2014 - 00:55 |