rpm package
suse/wpa_supplicant&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2
pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-27803 | — | < 2.6-15.16.1 | 2.6-15.16.1 | Feb 26, 2021 | A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. | ||
| CVE-2021-0326 | — | < 2.6-15.13.1 | 2.6-15.13.1 | Feb 10, 2021 | In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not need | ||
| CVE-2019-16275 | — | < 2.6-15.13.1 | 2.6-15.13.1 | Sep 12, 2019 | hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attac | ||
| CVE-2018-14526 | — | < 2.6-15.10.1 | 2.6-15.10.1 | Aug 8, 2018 | An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recove | ||
| CVE-2017-13088 | Med | 5.3 | < 2.2-15.3.1 | 2.2-15.3.1 | Oct 17, 2017 | Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points t | |
| CVE-2017-13087 | Med | 5.3 | < 2.2-15.3.1 | 2.2-15.3.1 | Oct 17, 2017 | Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. | |
| CVE-2017-13081 | Med | 5.3 | < 2.2-15.3.1 | 2.2-15.3.1 | Oct 17, 2017 | Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. | |
| CVE-2017-13080 | Med | 5.3 | < 2.2-15.3.1 | 2.2-15.3.1 | Oct 17, 2017 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. | |
| CVE-2017-13079 | Med | 5.3 | < 2.2-15.3.1 | 2.2-15.3.1 | Oct 17, 2017 | Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients. | |
| CVE-2017-13078 | Med | 5.3 | < 2.2-15.3.1 | 2.2-15.3.1 | Oct 17, 2017 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. |
- CVE-2021-27803Feb 26, 2021affected < 2.6-15.16.1fixed 2.6-15.16.1
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.
- CVE-2021-0326Feb 10, 2021affected < 2.6-15.13.1fixed 2.6-15.13.1
In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not need
- CVE-2019-16275Sep 12, 2019affected < 2.6-15.13.1fixed 2.6-15.13.1
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attac
- CVE-2018-14526Aug 8, 2018affected < 2.6-15.10.1fixed 2.6-15.10.1
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recove
- affected < 2.2-15.3.1fixed 2.2-15.3.1
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points t
- affected < 2.2-15.3.1fixed 2.2-15.3.1
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
- affected < 2.2-15.3.1fixed 2.2-15.3.1
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.
- affected < 2.2-15.3.1fixed 2.2-15.3.1
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
- affected < 2.2-15.3.1fixed 2.2-15.3.1
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.
- affected < 2.2-15.3.1fixed 2.2-15.3.1
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.