CVSS: 9.1EPSS: 6%CPEs: 11EXPL: 1CVE-2019-5597
https://notcve.org/view.php?id=CVE-2019-5597
In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the first packet allowing maliciously crafted IPv6 packets to cause a crash or potentially bypass the packet filter. En FreeBSD 11.3-PRERELEASE y 12.0-STABLE anterior a r347591, 11.2-RELEASE anterior a 11.2-RELEASE-p10, y 12.0-RELEASE antes de 12.0-RELEASE-p4, un error en la lógica de reensamblado del fragmento pf IPv6 usa incorrectamente la última extensión del encabezado desde el desvío el último paquete recibido en vez del primer paquete permitiendo que los paquetes IPv6 diseñados con fines maliciosos originen un bloqueo o omitan potencialmente el Packet Filter. • http://packetstormsecurity.com/files/152933/FreeBSD-Security-Advisory-FreeBSD-SA-19-05.pf.html http://www.securityfocus.com/bid/108395 https://security.FreeBSD.org/advisories/FreeBSD-SA-19:05.pf.asc https://security.netapp.com/advisory/ntap-20190611-0001 https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 1%CPEs: 24EXPL: 0CVE-2019-9494 – The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side-channel attacks
https://notcve.org/view.php?id=CVE-2019-9494
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected. Las implementaciones SAE en hostapd y wpa_supplicant son vulnerables a los ataques de canal lateral (side channel) como resultado de diferencias de tiempo observables y patrones de acceso a la caché. Un atacante puede conseguir información filtrada de un ataque de canal lateral (side channel) que pueda ser usado para la recuperación completa de la contraseña. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ https:&# • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy CWE-524: Use of Cache Containing Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 25EXPL: 0CVE-2019-9495 – The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns
https://notcve.org/view.php?id=CVE-2019-9495
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3 https://lists.fedoraproject.org/archives/list/p • CWE-203: Observable Discrepancy CWE-524: Use of Cache Containing Sensitive Information •
CVSS: 8.1EPSS: 0%CPEs: 28EXPL: 0CVE-2019-9498 – The implementations of EAP-PWD in hostapd EAP Server do not validate the scalar and element values in EAP-pwd-Commit
https://notcve.org/view.php?id=CVE-2019-9498
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. Las implementaciones del componente EAP-PWD en hostapd en EAP Server, cuando se construyen contra una biblioteca criptográfica sin comprobación explícita en elementos importados, no comprueban los valores escalares y de elementos en EAP-pwd-Commit. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ https://seclists.org/bugtraq& • CWE-287: Improper Authentication CWE-346: Origin Validation Error •
CVSS: 8.1EPSS: 0%CPEs: 28EXPL: 0CVE-2019-9499 – The implementations of EAP-PWD in wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit
https://notcve.org/view.php?id=CVE-2019-9499
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. Las implementaciones del componente EAP-PWD en wpa_supplicant EAP Peer, cuando se construyen contra una biblioteca criptográfica que carece de comprobación explícita en elementos importados, no comprueban los valores escalares y de elementos en EAP-pwd-Commit. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ https://seclists.org/bugtraq& • CWE-287: Improper Authentication CWE-346: Origin Validation Error •