Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/135393?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "type": "deb", "namespace": "debian", "name": "wpa", "version": "2:2.9.0-21+deb11u2", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2:2.9.0-21+deb11u3", "latest_non_vulnerable_version": "2:2.10-25", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105920?format=api", "vulnerability_id": "VCID-1ba4-zp3t-j7b7", "summary": "An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9496.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9496.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9496", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0487", "scoring_system": "epss", "scoring_elements": "0.89738", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0487", "scoring_system": "epss", "scoring_elements": "0.89754", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9496" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9496", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9496" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1699153", "reference_id": "1699153", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1699153" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801", "reference_id": "926801", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135441?format=api", "purl": "pkg:deb/debian/wpa@2:2.7%2Bgit20190128%2B0c1e29f-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.7%252Bgit20190128%252B0c1e29f-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-9496" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ba4-zp3t-j7b7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85318?format=api", "vulnerability_id": "VCID-1eva-m1zn-dbbs", "summary": "hostapd: Public Key Exchange (PKEX) Reuse Vulnerability in hostapd", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37660.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37660.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39005", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38917", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37660" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345113", "reference_id": "2345113", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345113" }, { "reference_url": "https://w1.fi/cgit/hostap/commit/?id=15af83cf1846870873a011ed4d714732f01cd2e4", "reference_id": "?id=15af83cf1846870873a011ed4d714732f01cd2e4", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-13T14:18:13Z/" } ], "url": "https://w1.fi/cgit/hostap/commit/?id=15af83cf1846870873a011ed4d714732f01cd2e4" }, { "reference_url": "https://link.springer.com/article/10.1007/s10207-025-00988-3", "reference_id": "s10207-025-00988-3", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-13T14:18:13Z/" } ], "url": "https://link.springer.com/article/10.1007/s10207-025-00988-3" }, { "reference_url": "https://usn.ubuntu.com/7317-1/", "reference_id": "USN-7317-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7317-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135450?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-37660" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1eva-m1zn-dbbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105892?format=api", "vulnerability_id": "VCID-27hh-ygby-hyh9", "summary": "Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small \"TLS Message Length\" value in an EAP-TLS message with the \"More Fragments\" flag set.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4445.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4445.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4445", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05318", "scoring_system": "epss", "scoring_elements": "0.9021", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05318", "scoring_system": "epss", "scoring_elements": "0.90226", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4445" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4445", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4445" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689990", "reference_id": "689990", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689990" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=859918", "reference_id": "859918", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=859918" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135396?format=api", "purl": "pkg:deb/debian/wpa@1.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@1.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-4445" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-27hh-ygby-hyh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6248?format=api", "vulnerability_id": "VCID-2pae-t1zg-d7dy", "summary": "information disclosure", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14526.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14526.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14526", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01209", "scoring_system": "epss", "scoring_elements": "0.79306", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01209", "scoring_system": "epss", "scoring_elements": "0.79333", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14526" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1614520", "reference_id": "1614520", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1614520" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905739", "reference_id": "905739", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905739" }, { "reference_url": "https://security.archlinux.org/AVG-752", "reference_id": "AVG-752", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-752" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3107", "reference_id": "RHSA-2018:3107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3107" }, { "reference_url": "https://usn.ubuntu.com/3745-1/", "reference_id": "USN-3745-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3745-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135429?format=api", "purl": "pkg:deb/debian/wpa@2:2.6-18?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.6-18%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14526" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2pae-t1zg-d7dy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105904?format=api", "vulnerability_id": "VCID-2u68-nqzd-pqcu", "summary": "The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5316.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5316.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5316", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01524", "scoring_system": "epss", "scoring_elements": "0.81597", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01524", "scoring_system": "epss", "scoring_elements": "0.81627", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5316" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277865", "reference_id": "1277865", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277865" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804710", "reference_id": "804710", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804710" }, { "reference_url": "https://usn.ubuntu.com/2808-1/", "reference_id": "USN-2808-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2808-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135404?format=api", "purl": "pkg:deb/debian/wpa@2.3-2.3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2.3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-5316" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2u68-nqzd-pqcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105219?format=api", "vulnerability_id": "VCID-57qp-9n3e-g7g7", "summary": "wpa_supplicant: SAE side channel attacks as a result of cache access patterns", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23303.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23303.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23303", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.61192", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.61241", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23303" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044602", "reference_id": "2044602", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044602" }, { "reference_url": "https://security.gentoo.org/glsa/202309-16", "reference_id": "GLSA-202309-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202309-16" }, { "reference_url": "https://usn.ubuntu.com/7317-1/", "reference_id": "USN-7317-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7317-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135450?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135449?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-23303" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-57qp-9n3e-g7g7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5003?format=api", "vulnerability_id": "VCID-5uqd-9srx-buhb", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27803.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27803.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27803", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00827", "scoring_system": "epss", "scoring_elements": "0.74843", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00827", "scoring_system": "epss", "scoring_elements": "0.74873", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0326", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0326" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27803" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch", "reference_id": "0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-18T14:57:24Z/" } ], "url": "https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/02/27/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-18T14:57:24Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/02/27/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1933361", "reference_id": "1933361", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1933361" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2021/02/25/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-18T14:57:24Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2021/02/25/3" }, { "reference_url": "https://security.archlinux.org/AVG-1626", "reference_id": "AVG-1626", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1626" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4898", "reference_id": "dsa-4898", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-18T14:57:24Z/" } ], "url": "https://www.debian.org/security/2021/dsa-4898" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZGUR5XFHATVXTRAEJMODS7ROYHA56NX/", "reference_id": "IZGUR5XFHATVXTRAEJMODS7ROYHA56NX", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-18T14:57:24Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZGUR5XFHATVXTRAEJMODS7ROYHA56NX/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KOGP2VIVVXXQ6CZ2HU4DKGPDB4WR24XF/", "reference_id": "KOGP2VIVVXXQ6CZ2HU4DKGPDB4WR24XF", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-18T14:57:24Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KOGP2VIVVXXQ6CZ2HU4DKGPDB4WR24XF/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00003.html", "reference_id": "msg00003.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-18T14:57:24Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00003.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0808", "reference_id": "RHSA-2021:0808", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0808" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0809", "reference_id": "RHSA-2021:0809", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0809" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0816", "reference_id": "RHSA-2021:0816", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0818", "reference_id": "RHSA-2021:0818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0818" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SEHS2CFGH3KCSNPHBHNGN5SGV6QPMLZ4/", "reference_id": "SEHS2CFGH3KCSNPHBHNGN5SGV6QPMLZ4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-18T14:57:24Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SEHS2CFGH3KCSNPHBHNGN5SGV6QPMLZ4/" }, { "reference_url": "https://usn.ubuntu.com/4757-1/", "reference_id": "USN-4757-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4757-1/" }, { "reference_url": "https://usn.ubuntu.com/4757-2/", "reference_id": "USN-4757-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4757-2/" }, { "reference_url": "https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt", "reference_id": "wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-18T14:57:24Z/" } ], "url": "https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135447?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-27803" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5uqd-9srx-buhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105913?format=api", "vulnerability_id": "VCID-64pb-r9pk-3bfk", "summary": "The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13377.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13377.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13377", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.69263", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.69303", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13377" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13377", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13377" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16275", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16275" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737665", "reference_id": "1737665", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737665" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934180", "reference_id": "934180", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934180" }, { "reference_url": "https://usn.ubuntu.com/4098-1/", "reference_id": "USN-4098-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4098-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135434?format=api", "purl": "pkg:deb/debian/wpa@2:2.9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13377" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-64pb-r9pk-3bfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105217?format=api", "vulnerability_id": "VCID-6jb3-mw38-gqaf", "summary": "wpa_supplicant: EAP-pwd side-channel attacks as a result of cache access patterns", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23304.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23304.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23304", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26135", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26239", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23304" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23304", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23304" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044599", "reference_id": "2044599", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044599" }, { "reference_url": "https://security.gentoo.org/glsa/202309-16", "reference_id": "GLSA-202309-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202309-16" }, { "reference_url": "https://usn.ubuntu.com/7317-1/", "reference_id": "USN-7317-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7317-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135450?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135449?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-23304" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6jb3-mw38-gqaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91225?format=api", "vulnerability_id": "VCID-7fuh-9z2r-ekee", "summary": "wpa_supplicant: potential authorization bypass", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52160.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52160.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-52160", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0417", "scoring_system": "epss", "scoring_elements": "0.88899", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-52160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52160" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064061", "reference_id": "1064061", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064061" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264593", "reference_id": "2264593", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264593" }, { "reference_url": "https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c", "reference_id": "?id=8e6485a1bcb0baffdea9e55255a81270b768439c", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T19:43:25Z/" } ], "url": "https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html", "reference_id": "msg00013.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T19:43:25Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/", "reference_id": "N46C4DTVUWK336OYDA4LGALSC5VVPTCC", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T19:43:25Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU6IR4KV3ZXJZLK2BY7HAHGZNCP7FPNI/", "reference_id": "QU6IR4KV3ZXJZLK2BY7HAHGZNCP7FPNI", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T19:43:25Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU6IR4KV3ZXJZLK2BY7HAHGZNCP7FPNI/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2517", "reference_id": "RHSA-2024:2517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2517" }, { "reference_url": "https://www.top10vpn.com/research/wifi-vulnerabilities/", "reference_id": "wifi-vulnerabilities", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T19:43:25Z/" } ], "url": "https://www.top10vpn.com/research/wifi-vulnerabilities/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135458?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135457?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135459?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-21.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-21.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-52160" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7fuh-9z2r-ekee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6440?format=api", "vulnerability_id": "VCID-7kes-xst7-z3d3", "summary": "man-in-the-middle", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13086.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13086.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-13086", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64622", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64663", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-13086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:A/AC:L/Au:N/C:C/I:C/A:N" }, { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500302", "reference_id": "1500302", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500302" }, { "reference_url": "https://security.archlinux.org/AVG-453", "reference_id": "AVG-453", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-453" }, { "reference_url": "https://security.archlinux.org/AVG-454", "reference_id": "AVG-454", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-454" }, { "reference_url": "https://security.gentoo.org/glsa/201711-03", "reference_id": "GLSA-201711-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201711-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2907", "reference_id": "RHSA-2017:2907", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2907" }, { "reference_url": "https://usn.ubuntu.com/3455-1/", "reference_id": "USN-3455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135417?format=api", "purl": "pkg:deb/debian/wpa@2:2.4-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-13086" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7kes-xst7-z3d3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6444?format=api", "vulnerability_id": "VCID-7q6k-mpk6-t7bv", "summary": "man-in-the-middle", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13082.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13082.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-13082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.62872", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.62914", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-13082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:A/AC:L/Au:N/C:C/I:C/A:N" }, { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491698", "reference_id": "1491698", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491698" }, { "reference_url": "https://security.archlinux.org/ASA-201710-22", "reference_id": "ASA-201710-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-22" }, { "reference_url": "https://security.archlinux.org/ASA-201710-23", "reference_id": "ASA-201710-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-23" }, { "reference_url": "https://security.archlinux.org/AVG-447", "reference_id": "AVG-447", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-447" }, { "reference_url": "https://security.archlinux.org/AVG-448", "reference_id": "AVG-448", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-448" }, { "reference_url": "https://security.gentoo.org/glsa/201711-03", "reference_id": "GLSA-201711-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201711-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2907", "reference_id": "RHSA-2017:2907", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2907" }, { "reference_url": "https://usn.ubuntu.com/3455-1/", "reference_id": "USN-3455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135417?format=api", "purl": "pkg:deb/debian/wpa@2:2.4-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-13082" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7q6k-mpk6-t7bv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105895?format=api", "vulnerability_id": "VCID-7y9t-7akx-afg7", "summary": "The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4141.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4141.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4141", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81221", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81249", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221172", "reference_id": "1221172", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221172" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787372", "reference_id": "787372", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787372" }, { "reference_url": "https://security.gentoo.org/glsa/201606-17", "reference_id": "GLSA-201606-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201606-17" }, { "reference_url": "https://usn.ubuntu.com/2650-1/", "reference_id": "USN-2650-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2650-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135399?format=api", "purl": "pkg:deb/debian/wpa@2.3-2.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-4141" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7y9t-7akx-afg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6445?format=api", "vulnerability_id": "VCID-84gv-j3vy-kbhp", "summary": "man-in-the-middle", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13081.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13081.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-13081", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0111", "scoring_system": "epss", "scoring_elements": "0.78482", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0111", "scoring_system": "epss", "scoring_elements": "0.78508", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-13081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:A/AC:L/Au:N/C:C/I:C/A:N" }, { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491697", "reference_id": "1491697", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491697" }, { "reference_url": "https://security.archlinux.org/ASA-201710-22", "reference_id": "ASA-201710-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-22" }, { "reference_url": "https://security.archlinux.org/ASA-201710-23", "reference_id": "ASA-201710-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-23" }, { "reference_url": "https://security.archlinux.org/AVG-447", "reference_id": "AVG-447", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-447" }, { "reference_url": "https://security.archlinux.org/AVG-448", "reference_id": "AVG-448", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-448" }, { "reference_url": "https://security.gentoo.org/glsa/201711-03", "reference_id": "GLSA-201711-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201711-03" }, { "reference_url": "https://usn.ubuntu.com/3455-1/", "reference_id": "USN-3455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3455-1/" }, { "reference_url": "https://usn.ubuntu.com/3505-1/", "reference_id": "USN-3505-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3505-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135417?format=api", "purl": "pkg:deb/debian/wpa@2:2.4-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-13081" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-84gv-j3vy-kbhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105902?format=api", "vulnerability_id": "VCID-8d56-3k4a-c7hy", "summary": "The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5314", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0115", "scoring_system": "epss", "scoring_elements": "0.78829", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0115", "scoring_system": "epss", "scoring_elements": "0.78855", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804708", "reference_id": "804708", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804708" }, { "reference_url": "https://usn.ubuntu.com/2808-1/", "reference_id": "USN-2808-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2808-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135404?format=api", "purl": "pkg:deb/debian/wpa@2.3-2.3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2.3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-5314" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8d56-3k4a-c7hy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105918?format=api", "vulnerability_id": "VCID-awmy-cpam-xqah", "summary": "The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9495.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9495.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9495", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06885", "scoring_system": "epss", "scoring_elements": "0.91537", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06885", "scoring_system": "epss", "scoring_elements": "0.9155", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9495" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9495", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9495" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9497", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9497" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9499" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1699149", "reference_id": "1699149", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1699149" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801", "reference_id": "926801", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801" }, { "reference_url": "https://usn.ubuntu.com/3944-1/", "reference_id": "USN-3944-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3944-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135441?format=api", "purl": "pkg:deb/debian/wpa@2:2.7%2Bgit20190128%2B0c1e29f-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.7%252Bgit20190128%252B0c1e29f-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-9495" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-awmy-cpam-xqah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6448?format=api", "vulnerability_id": "VCID-b8k9-3pnn-ekgs", "summary": "man-in-the-middle", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13078.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13078.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-13078", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74621", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74653", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-13078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:A/AC:L/Au:N/C:C/I:C/A:N" }, { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491693", "reference_id": "1491693", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491693" }, { "reference_url": "https://security.archlinux.org/ASA-201710-22", "reference_id": "ASA-201710-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-22" }, { "reference_url": "https://security.archlinux.org/ASA-201710-23", "reference_id": "ASA-201710-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-23" }, { "reference_url": "https://security.archlinux.org/AVG-447", "reference_id": "AVG-447", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-447" }, { "reference_url": "https://security.archlinux.org/AVG-448", "reference_id": "AVG-448", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-448" }, { "reference_url": "https://security.gentoo.org/glsa/201711-03", "reference_id": "GLSA-201711-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201711-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2907", "reference_id": "RHSA-2017:2907", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2907" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2911", "reference_id": "RHSA-2017:2911", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2911" }, { "reference_url": "https://usn.ubuntu.com/3455-1/", "reference_id": "USN-3455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135417?format=api", "purl": "pkg:deb/debian/wpa@2:2.4-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-13078" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b8k9-3pnn-ekgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105905?format=api", "vulnerability_id": "VCID-bugv-6pzr-tuhy", "summary": "Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8041.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8041.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8041", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0158", "scoring_system": "epss", "scoring_elements": "0.81912", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0158", "scoring_system": "epss", "scoring_elements": "0.81946", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8041" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1241905", "reference_id": "1241905", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1241905" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795740", "reference_id": "795740", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795740" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135399?format=api", "purl": "pkg:deb/debian/wpa@2.3-2.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-8041" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bugv-6pzr-tuhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105899?format=api", "vulnerability_id": "VCID-c1uc-msuh-bbgq", "summary": "The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4145.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4145.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4145", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01205", "scoring_system": "epss", "scoring_elements": "0.79284", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01205", "scoring_system": "epss", "scoring_elements": "0.7931", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219449", "reference_id": "1219449", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219449" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787371", "reference_id": "787371", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787371" }, { "reference_url": "https://security.gentoo.org/glsa/201606-17", "reference_id": "GLSA-201606-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201606-17" }, { "reference_url": "https://usn.ubuntu.com/2650-1/", "reference_id": "USN-2650-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2650-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135399?format=api", "purl": "pkg:deb/debian/wpa@2.3-2.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-4145" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c1uc-msuh-bbgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5690?format=api", "vulnerability_id": "VCID-c6rb-kwrq-uubn", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-0326.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-0326.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-0326", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1638", "scoring_system": "epss", "scoring_elements": "0.94986", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.1638", "scoring_system": "epss", "scoring_elements": "0.94994", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-0326" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0326", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0326" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27803" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925152", "reference_id": "1925152", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925152" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981971", "reference_id": "981971", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981971" }, { "reference_url": "https://security.archlinux.org/ASA-202102-25", "reference_id": "ASA-202102-25", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-25" }, { "reference_url": "https://security.archlinux.org/AVG-1530", "reference_id": "AVG-1530", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1686", "reference_id": "RHSA-2021:1686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1686" }, { "reference_url": "https://usn.ubuntu.com/4734-1/", "reference_id": "USN-4734-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4734-1/" }, { "reference_url": "https://usn.ubuntu.com/4734-2/", "reference_id": "USN-4734-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4734-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135446?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-17?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-17%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-0326" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c6rb-kwrq-uubn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105909?format=api", "vulnerability_id": "VCID-cmpu-sjnc-qyc9", "summary": "hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10064.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10064.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10064", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01405", "scoring_system": "epss", "scoring_elements": "0.80797", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01405", "scoring_system": "epss", "scoring_elements": "0.80825", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10064" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10064", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10064" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1811069", "reference_id": "1811069", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1811069" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135411?format=api", "purl": "pkg:deb/debian/wpa@2:2.6-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.6-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-10064" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cmpu-sjnc-qyc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105922?format=api", "vulnerability_id": "VCID-d17v-v7yt-5kb3", "summary": "The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9498.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9498.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00794", "scoring_system": "epss", "scoring_elements": "0.74298", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00794", "scoring_system": "epss", "scoring_elements": "0.74331", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9495", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9495" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9497", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9497" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9499" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1699168", "reference_id": "1699168", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1699168" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801", "reference_id": "926801", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801" }, { "reference_url": "https://usn.ubuntu.com/3944-1/", "reference_id": "USN-3944-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3944-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135441?format=api", "purl": "pkg:deb/debian/wpa@2:2.7%2Bgit20190128%2B0c1e29f-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.7%252Bgit20190128%252B0c1e29f-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-9498" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d17v-v7yt-5kb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84584?format=api", "vulnerability_id": "VCID-d4vx-9hvu-mqhw", "summary": "hostapd: RADIUS Packet Processing Flaw in hostapd", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24912.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24912.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24912", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.10265", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24912" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351487", "reference_id": "2351487", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351487" }, { "reference_url": "https://w1.fi/hostapd/", "reference_id": "hostapd", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T13:21:52Z/" } ], "url": "https://w1.fi/hostapd/" }, { "reference_url": "https://w1.fi/cgit/hostap/commit/?id=339a334551ca911187cc870f4f97ef08e11db109", "reference_id": "?id=339a334551ca911187cc870f4f97ef08e11db109", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T13:21:52Z/" } ], "url": "https://w1.fi/cgit/hostap/commit/?id=339a334551ca911187cc870f4f97ef08e11db109" }, { "reference_url": "https://w1.fi/cgit/hostap/commit/?id=726432d7622cc0088ac353d073b59628b590ea44", "reference_id": "?id=726432d7622cc0088ac353d073b59628b590ea44", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T13:21:52Z/" } ], "url": "https://w1.fi/cgit/hostap/commit/?id=726432d7622cc0088ac353d073b59628b590ea44" }, { "reference_url": "https://jvn.jp/en/jp/JVN19358384/", "reference_id": "JVN19358384", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T13:21:52Z/" } ], "url": "https://jvn.jp/en/jp/JVN19358384/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135392?format=api", "purl": "pkg:deb/debian/wpa@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-24912" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d4vx-9hvu-mqhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105912?format=api", "vulnerability_id": "VCID-dc5z-thyu-sqhb", "summary": "The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11555.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11555.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11555", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09377", "scoring_system": "epss", "scoring_elements": "0.92932", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.09377", "scoring_system": "epss", "scoring_elements": "0.92942", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11555" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11555", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11555" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703417", "reference_id": "1703417", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703417" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927463", "reference_id": "927463", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927463" }, { "reference_url": "https://security.gentoo.org/glsa/201908-25", "reference_id": "GLSA-201908-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-25" }, { "reference_url": "https://usn.ubuntu.com/3969-1/", "reference_id": "USN-3969-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3969-1/" }, { "reference_url": "https://usn.ubuntu.com/3969-2/", "reference_id": "USN-3969-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3969-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135432?format=api", "purl": "pkg:deb/debian/wpa@2:2.7%2Bgit20190128%2B0c1e29f-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.7%252Bgit20190128%252B0c1e29f-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-11555" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dc5z-thyu-sqhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6789?format=api", "vulnerability_id": "VCID-dvkq-285n-9kaw", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4477.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4477.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4477", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32299", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32372", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4477" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332423", "reference_id": "1332423", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332423" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823411", "reference_id": "823411", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823411" }, { "reference_url": "https://security.archlinux.org/ASA-201610-3", "reference_id": "ASA-201610-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201610-3" }, { "reference_url": "https://security.archlinux.org/ASA-201610-7", "reference_id": "ASA-201610-7", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201610-7" }, { "reference_url": "https://security.archlinux.org/AVG-10", "reference_id": "AVG-10", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-10" }, { "reference_url": "https://security.archlinux.org/AVG-11", "reference_id": "AVG-11", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-11" }, { "reference_url": "https://usn.ubuntu.com/3455-1/", "reference_id": "USN-3455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135413?format=api", "purl": "pkg:deb/debian/wpa@2.3-2.4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2.4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-4477" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dvkq-285n-9kaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105903?format=api", "vulnerability_id": "VCID-edpz-qhd8-jfez", "summary": "The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5315.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5315.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5315", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0115", "scoring_system": "epss", "scoring_elements": "0.78829", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0115", "scoring_system": "epss", "scoring_elements": "0.78855", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5315" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1278377", "reference_id": "1278377", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1278377" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804708", "reference_id": "804708", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804708" }, { "reference_url": "https://usn.ubuntu.com/2808-1/", "reference_id": "USN-2808-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2808-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135404?format=api", "purl": "pkg:deb/debian/wpa@2.3-2.3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2.3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-5315" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-edpz-qhd8-jfez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105896?format=api", "vulnerability_id": "VCID-fwsj-n5rh-53h1", "summary": "Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4142.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4142.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4142", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07071", "scoring_system": "epss", "scoring_elements": "0.91661", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07071", "scoring_system": "epss", "scoring_elements": "0.91673", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221178", "reference_id": "1221178", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221178" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787373", "reference_id": "787373", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787373" }, { "reference_url": "https://security.gentoo.org/glsa/201606-17", "reference_id": "GLSA-201606-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201606-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1090", "reference_id": "RHSA-2015:1090", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1090" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1439", "reference_id": "RHSA-2015:1439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1439" }, { "reference_url": "https://usn.ubuntu.com/2650-1/", "reference_id": "USN-2650-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2650-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135399?format=api", "purl": "pkg:deb/debian/wpa@2.3-2.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-4142" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fwsj-n5rh-53h1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105901?format=api", "vulnerability_id": "VCID-hxn4-6y6j-83cz", "summary": "The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5310.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5310.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5310", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53929", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53987", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277857", "reference_id": "1277857", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277857" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804707", "reference_id": "804707", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804707" }, { "reference_url": "https://usn.ubuntu.com/2808-1/", "reference_id": "USN-2808-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2808-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135404?format=api", "purl": "pkg:deb/debian/wpa@2.3-2.3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2.3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-5310" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hxn4-6y6j-83cz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105915?format=api", "vulnerability_id": "VCID-kj7b-sur9-hfhb", "summary": "An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5061", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.52699", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.52758", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5061" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5061", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5061" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135439?format=api", "purl": "pkg:deb/debian/wpa@2:2.9%2Bgit20200213%2B877d9a0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9%252Bgit20200213%252B877d9a0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-5061" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kj7b-sur9-hfhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105898?format=api", "vulnerability_id": "VCID-kyvg-q58s-cfff", "summary": "The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4144.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4144.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4144", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01205", "scoring_system": "epss", "scoring_elements": "0.79284", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01205", "scoring_system": "epss", "scoring_elements": "0.7931", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219449", "reference_id": "1219449", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219449" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787371", "reference_id": "787371", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787371" }, { "reference_url": "https://security.gentoo.org/glsa/201606-17", "reference_id": "GLSA-201606-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201606-17" }, { "reference_url": "https://usn.ubuntu.com/2650-1/", "reference_id": "USN-2650-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2650-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135399?format=api", "purl": "pkg:deb/debian/wpa@2.3-2.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-4144" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kyvg-q58s-cfff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105923?format=api", "vulnerability_id": "VCID-m6c2-crap-b3b7", "summary": "The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9499.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9499.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9499", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00794", "scoring_system": "epss", "scoring_elements": "0.74298", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00794", "scoring_system": "epss", "scoring_elements": "0.74331", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9495", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9495" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9497", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9497" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9499" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1699170", "reference_id": "1699170", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1699170" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801", "reference_id": "926801", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801" }, { "reference_url": "https://usn.ubuntu.com/3944-1/", "reference_id": "USN-3944-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3944-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135441?format=api", "purl": "pkg:deb/debian/wpa@2:2.7%2Bgit20190128%2B0c1e29f-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.7%252Bgit20190128%252B0c1e29f-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-9499" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m6c2-crap-b3b7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105897?format=api", "vulnerability_id": "VCID-mwc1-rpqz-uqcj", "summary": "The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4143.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4143.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4143", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01205", "scoring_system": "epss", "scoring_elements": "0.79284", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01205", "scoring_system": "epss", "scoring_elements": "0.7931", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219449", "reference_id": "1219449", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219449" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787371", "reference_id": "787371", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787371" }, { "reference_url": "https://security.gentoo.org/glsa/201606-17", "reference_id": "GLSA-201606-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201606-17" }, { "reference_url": "https://usn.ubuntu.com/2650-1/", "reference_id": "USN-2650-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2650-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135399?format=api", "purl": "pkg:deb/debian/wpa@2.3-2.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-4143" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mwc1-rpqz-uqcj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6446?format=api", "vulnerability_id": "VCID-n7rh-f4mj-jbdq", "summary": "man-in-the-middle", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13080.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13080.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-13080", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00948", "scoring_system": "epss", "scoring_elements": "0.76704", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00948", "scoring_system": "epss", "scoring_elements": "0.76734", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-13080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:A/AC:L/Au:N/C:C/I:C/A:N" }, { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491696", "reference_id": "1491696", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491696" }, { "reference_url": "https://security.archlinux.org/ASA-201710-22", "reference_id": "ASA-201710-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-22" }, { "reference_url": "https://security.archlinux.org/ASA-201710-23", "reference_id": "ASA-201710-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-23" }, { "reference_url": "https://security.archlinux.org/AVG-447", "reference_id": "AVG-447", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-447" }, { "reference_url": "https://security.archlinux.org/AVG-448", "reference_id": "AVG-448", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-448" }, { "reference_url": "https://security.gentoo.org/glsa/201711-03", "reference_id": "GLSA-201711-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201711-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2907", "reference_id": "RHSA-2017:2907", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2907" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2911", "reference_id": "RHSA-2017:2911", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2911" }, { "reference_url": "https://usn.ubuntu.com/3455-1/", "reference_id": "USN-3455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3455-1/" }, { "reference_url": "https://usn.ubuntu.com/3505-1/", "reference_id": "USN-3505-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3505-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135417?format=api", "purl": "pkg:deb/debian/wpa@2:2.4-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-13080" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n7rh-f4mj-jbdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105914?format=api", "vulnerability_id": "VCID-p4b2-1g26-nkd2", "summary": "hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16275.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16275.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16275", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00626", "scoring_system": "epss", "scoring_elements": "0.70594", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00626", "scoring_system": "epss", "scoring_elements": "0.70636", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13377", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13377" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16275", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16275" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767023", "reference_id": "1767023", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767023" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940080", "reference_id": "940080", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940080" }, { "reference_url": "https://usn.ubuntu.com/4136-1/", "reference_id": "USN-4136-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4136-1/" }, { "reference_url": "https://usn.ubuntu.com/4136-2/", "reference_id": "USN-4136-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4136-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135436?format=api", "purl": "pkg:deb/debian/wpa@2:2.9-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-16275" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p4b2-1g26-nkd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6449?format=api", "vulnerability_id": "VCID-p6m7-m2w8-uybh", "summary": "man-in-the-middle", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13077.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13077.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-13077", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00661", "scoring_system": "epss", "scoring_elements": "0.71521", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00661", "scoring_system": "epss", "scoring_elements": "0.71565", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-13077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:A/AC:L/Au:N/C:C/I:C/A:N" }, { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491692", "reference_id": "1491692", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491692" }, { "reference_url": "https://security.archlinux.org/ASA-201710-22", "reference_id": "ASA-201710-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-22" }, { "reference_url": "https://security.archlinux.org/ASA-201710-23", "reference_id": "ASA-201710-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-23" }, { "reference_url": "https://security.archlinux.org/AVG-447", "reference_id": "AVG-447", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-447" }, { "reference_url": "https://security.archlinux.org/AVG-448", "reference_id": "AVG-448", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-448" }, { "reference_url": "https://security.gentoo.org/glsa/201711-03", "reference_id": "GLSA-201711-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201711-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2907", "reference_id": "RHSA-2017:2907", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2907" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2911", "reference_id": "RHSA-2017:2911", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2911" }, { "reference_url": "https://usn.ubuntu.com/3455-1/", "reference_id": "USN-3455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135417?format=api", "purl": "pkg:deb/debian/wpa@2:2.4-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-13077" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p6m7-m2w8-uybh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6790?format=api", "vulnerability_id": "VCID-qv3p-mcnx-gfh9", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4476.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4476.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4476", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00668", "scoring_system": "epss", "scoring_elements": "0.71683", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00668", "scoring_system": "epss", "scoring_elements": "0.71724", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4476" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4476", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4476" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332422", "reference_id": "1332422", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332422" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823411", "reference_id": "823411", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823411" }, { "reference_url": "https://security.archlinux.org/ASA-201610-3", "reference_id": "ASA-201610-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201610-3" }, { "reference_url": "https://security.archlinux.org/ASA-201610-7", "reference_id": "ASA-201610-7", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201610-7" }, { "reference_url": "https://security.archlinux.org/AVG-10", "reference_id": "AVG-10", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-10" }, { "reference_url": "https://security.archlinux.org/AVG-11", "reference_id": "AVG-11", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-11" }, { "reference_url": "https://usn.ubuntu.com/3455-1/", "reference_id": "USN-3455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135413?format=api", "purl": "pkg:deb/debian/wpa@2.3-2.4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2.4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-4476" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qv3p-mcnx-gfh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105900?format=api", "vulnerability_id": "VCID-s7gm-17ms-53fd", "summary": "The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4146.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4146.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4146", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01312", "scoring_system": "epss", "scoring_elements": "0.80156", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01312", "scoring_system": "epss", "scoring_elements": "0.80182", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219449", "reference_id": "1219449", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219449" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787371", "reference_id": "787371", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787371" }, { "reference_url": "https://security.gentoo.org/glsa/201606-17", "reference_id": "GLSA-201606-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201606-17" }, { "reference_url": "https://usn.ubuntu.com/2650-1/", "reference_id": "USN-2650-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2650-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135399?format=api", "purl": "pkg:deb/debian/wpa@2.3-2.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-4146" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s7gm-17ms-53fd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6443?format=api", "vulnerability_id": "VCID-s91q-7xur-gudp", "summary": "man-in-the-middle", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13087.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13087.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-13087", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.6427", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.64314", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-13087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:A/AC:L/Au:N/C:C/I:C/A:N" }, { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500303", "reference_id": "1500303", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500303" }, { "reference_url": "https://security.archlinux.org/ASA-201710-22", "reference_id": "ASA-201710-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-22" }, { "reference_url": "https://security.archlinux.org/ASA-201710-23", "reference_id": "ASA-201710-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-23" }, { "reference_url": "https://security.archlinux.org/AVG-447", "reference_id": "AVG-447", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-447" }, { "reference_url": "https://security.archlinux.org/AVG-448", "reference_id": "AVG-448", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-448" }, { "reference_url": "https://security.gentoo.org/glsa/201711-03", "reference_id": "GLSA-201711-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201711-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2907", "reference_id": "RHSA-2017:2907", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2907" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2911", "reference_id": "RHSA-2017:2911", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2911" }, { "reference_url": "https://usn.ubuntu.com/3455-1/", "reference_id": "USN-3455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135417?format=api", "purl": "pkg:deb/debian/wpa@2:2.4-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-13087" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s91q-7xur-gudp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105921?format=api", "vulnerability_id": "VCID-sz7g-jw53-yyf1", "summary": "The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9497.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9497.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9497", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11468", "scoring_system": "epss", "scoring_elements": "0.93741", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.11468", "scoring_system": "epss", "scoring_elements": "0.9375", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9497" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9495", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9495" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9497", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9497" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9499" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1699164", "reference_id": "1699164", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1699164" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801", "reference_id": "926801", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801" }, { "reference_url": "https://usn.ubuntu.com/3944-1/", "reference_id": "USN-3944-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3944-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135441?format=api", "purl": "pkg:deb/debian/wpa@2:2.7%2Bgit20190128%2B0c1e29f-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.7%252Bgit20190128%252B0c1e29f-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-9497" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sz7g-jw53-yyf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105891?format=api", "vulnerability_id": "VCID-tbzj-2v9t-myce", "summary": "hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2389", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.1533", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15415", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2389" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135392?format=api", "purl": "pkg:deb/debian/wpa@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-2389" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tbzj-2v9t-myce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105893?format=api", "vulnerability_id": "VCID-ttwt-unqp-mbec", "summary": "wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3686.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3686.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3686", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04511", "scoring_system": "epss", "scoring_elements": "0.89329", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04511", "scoring_system": "epss", "scoring_elements": "0.89348", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3686" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3686", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3686" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151259", "reference_id": "1151259", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151259" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765352", "reference_id": "765352", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765352" }, { "reference_url": "https://security.gentoo.org/glsa/201606-17", "reference_id": "GLSA-201606-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201606-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1956", "reference_id": "RHSA-2014:1956", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1956" }, { "reference_url": "https://usn.ubuntu.com/2383-1/", "reference_id": "USN-2383-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2383-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135397?format=api", "purl": "pkg:deb/debian/wpa@2.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-3686" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ttwt-unqp-mbec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89331?format=api", "vulnerability_id": "VCID-up8e-3hxu-73ah", "summary": "wpa_supplicant: wpa_supplicant loading arbitrary shared objects allowing privilege escalation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5290.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5290.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5290", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54159", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5290" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613", "reference_id": "2067613", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-18T15:37:32Z/" } ], "url": "https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303402", "reference_id": "2303402", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303402" }, { "reference_url": "https://snyk.io/blog/abusing-ubuntu-root-privilege-escalation/", "reference_id": "abusing-ubuntu-root-privilege-escalation", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-18T15:37:32Z/" } ], "url": "https://snyk.io/blog/abusing-ubuntu-root-privilege-escalation/" }, { "reference_url": "https://ubuntu.com/security/notices/USN-6945-1", "reference_id": "USN-6945-1", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-18T15:37:32Z/" } ], "url": "https://ubuntu.com/security/notices/USN-6945-1" }, { "reference_url": "https://usn.ubuntu.com/6945-1/", "reference_id": "USN-6945-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6945-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135460?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135461?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-22?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-22%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-5290" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-up8e-3hxu-73ah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105894?format=api", "vulnerability_id": "VCID-uyg6-fyc7-fqf5", "summary": "Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1863.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1863.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1863", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08546", "scoring_system": "epss", "scoring_elements": "0.92538", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08546", "scoring_system": "epss", "scoring_elements": "0.92551", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1863" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1863", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1863" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv2", "scoring_elements": "AV:A/AC:H/Au:N/C:N/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211191", "reference_id": "1211191", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211191" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783148", "reference_id": "783148", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783148" }, { "reference_url": "https://security.gentoo.org/glsa/201606-17", "reference_id": "GLSA-201606-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201606-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1090", "reference_id": "RHSA-2015:1090", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1090" }, { "reference_url": "https://usn.ubuntu.com/2577-1/", "reference_id": "USN-2577-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2577-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135398?format=api", "purl": "pkg:deb/debian/wpa@2.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-1863" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uyg6-fyc7-fqf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6442?format=api", "vulnerability_id": "VCID-vgs9-juev-53d2", "summary": "man-in-the-middle", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13088.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13088.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-13088", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.6427", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.64314", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-13088" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:A/AC:L/Au:N/C:C/I:C/A:N" }, { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500304", "reference_id": "1500304", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500304" }, { "reference_url": "https://security.archlinux.org/ASA-201710-22", "reference_id": "ASA-201710-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-22" }, { "reference_url": "https://security.archlinux.org/ASA-201710-23", "reference_id": "ASA-201710-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-23" }, { "reference_url": "https://security.archlinux.org/AVG-447", "reference_id": "AVG-447", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-447" }, { "reference_url": "https://security.archlinux.org/AVG-448", "reference_id": "AVG-448", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-448" }, { "reference_url": "https://security.gentoo.org/glsa/201711-03", "reference_id": "GLSA-201711-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201711-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2907", "reference_id": "RHSA-2017:2907", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2907" }, { "reference_url": "https://usn.ubuntu.com/3455-1/", "reference_id": "USN-3455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135417?format=api", "purl": "pkg:deb/debian/wpa@2:2.4-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-13088" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vgs9-juev-53d2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105917?format=api", "vulnerability_id": "VCID-w1t7-99j6-ducn", "summary": "The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9494.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9494.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9494", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01518", "scoring_system": "epss", "scoring_elements": "0.81562", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01518", "scoring_system": "epss", "scoring_elements": "0.81591", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9494" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9494", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9494" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1699141", "reference_id": "1699141", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1699141" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801", "reference_id": "926801", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135441?format=api", "purl": "pkg:deb/debian/wpa@2:2.7%2Bgit20190128%2B0c1e29f-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.7%252Bgit20190128%252B0c1e29f-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-9494" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w1t7-99j6-ducn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72109?format=api", "vulnerability_id": "VCID-w27s-tf26-t7fb", "summary": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12695.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12695.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12695", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03982", "scoring_system": "epss", "scoring_elements": "0.88612", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03982", "scoring_system": "epss", "scoring_elements": "0.8863", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0326", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0326" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27803" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846006", "reference_id": "1846006", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846006" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976106", "reference_id": "976106", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976106" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976594", "reference_id": "976594", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976594" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983206", "reference_id": "983206", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983206" }, { "reference_url": "https://security.archlinux.org/ASA-202012-16", "reference_id": "ASA-202012-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202012-16" }, { "reference_url": "https://security.archlinux.org/AVG-1322", "reference_id": "AVG-1322", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1322" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1789", "reference_id": "RHSA-2021:1789", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1789" }, { "reference_url": "https://usn.ubuntu.com/4494-1/", "reference_id": "USN-4494-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4494-1/" }, { "reference_url": "https://usn.ubuntu.com/4722-1/", "reference_id": "USN-4722-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4722-1/" }, { "reference_url": "https://usn.ubuntu.com/4734-1/", "reference_id": "USN-4734-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4734-1/" }, { "reference_url": "https://usn.ubuntu.com/4734-2/", "reference_id": "USN-4734-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4734-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135444?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-16?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-16%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-12695" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w27s-tf26-t7fb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6447?format=api", "vulnerability_id": "VCID-yj2a-e823-nyfw", "summary": "man-in-the-middle", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13079.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13079.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-13079", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77469", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77497", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-13079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:A/AC:L/Au:N/C:C/I:C/A:N" }, { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491694", "reference_id": "1491694", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491694" }, { "reference_url": "https://security.archlinux.org/ASA-201710-22", "reference_id": "ASA-201710-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-22" }, { "reference_url": "https://security.archlinux.org/ASA-201710-23", "reference_id": "ASA-201710-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-23" }, { "reference_url": "https://security.archlinux.org/AVG-447", "reference_id": "AVG-447", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-447" }, { "reference_url": "https://security.archlinux.org/AVG-448", "reference_id": "AVG-448", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-448" }, { "reference_url": "https://security.gentoo.org/glsa/201711-03", "reference_id": "GLSA-201711-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201711-03" }, { "reference_url": "https://usn.ubuntu.com/3455-1/", "reference_id": "USN-3455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3455-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135417?format=api", "purl": "pkg:deb/debian/wpa@2:2.4-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-13079" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yj2a-e823-nyfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105906?format=api", "vulnerability_id": "VCID-yv7z-2x73-xygy", "summary": "hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10743.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10743.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10743", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.62879", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.62921", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10743" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1811037", "reference_id": "1811037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1811037" }, { "reference_url": "https://usn.ubuntu.com/3944-1/", "reference_id": "USN-3944-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3944-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/135411?format=api", "purl": "pkg:deb/debian/wpa@2:2.6-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.6-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135393?format=api", "purl": "pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135391?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135395?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-24?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135394?format=api", "purl": "pkg:deb/debian/wpa@2:2.10-25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-10743" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yv7z-2x73-xygy" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie" }