rpm package

suse/hostapd&distro=SUSE Package Hub 15 SP2

pkg:rpm/suse/hostapd&distro=SUSE%20Package%20Hub%2015%20SP2

Vulnerabilities (3)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2021-30004	—	< 2.9-bp152.2.3.1	2.9-bp152.2.3.1	Apr 2, 2021	In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
CVE-2020-12695	—	< 2.9-bp152.2.3.1	2.9-bp152.2.3.1	Jun 8, 2020	The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
CVE-2019-16275	—	< 2.9-bp152.2.3.1	2.9-bp152.2.3.1	Sep 12, 2019	hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attac

CVE-2021-30004Apr 2, 2021
affected < 2.9-bp152.2.3.1fixed 2.9-bp152.2.3.1
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
CVE-2020-12695Jun 8, 2020
affected < 2.9-bp152.2.3.1fixed 2.9-bp152.2.3.1
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
CVE-2019-16275Sep 12, 2019
affected < 2.9-bp152.2.3.1fixed 2.9-bp152.2.3.1
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attac