{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","type":"deb","namespace":"debian","name":"wpa","version":"2:2.9.0-21+deb11u2","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2:2.9.0-21+deb11u3","latest_non_vulnerable_version":"2:2.10-25","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105920?format=json","vulnerability_id":"VCID-1ba4-zp3t-j7b7","summary":"An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9496.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9496.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9496","reference_id":"","reference_type":"","scores":[{"value":"0.0487","scoring_system":"epss","scoring_elements":"0.89738","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0487","scoring_system":"epss","scoring_elements":"0.89754","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0487","scoring_system":"epss","scoring_elements":"0.89756","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9496"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1699153","reference_id":"1699153","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1699153"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801","reference_id":"926801","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135441?format=json","purl":"pkg:deb/debian/wpa@2:2.7%2Bgit20190128%2B0c1e29f-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.7%252Bgit20190128%252B0c1e29f-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2019-9496"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ba4-zp3t-j7b7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85318?format=json","vulnerability_id":"VCID-1eva-m1zn-dbbs","summary":"hostapd: Public Key Exchange (PKEX) Reuse Vulnerability in hostapd","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37660.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37660.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37660","reference_id":"","reference_type":"","scores":[{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.38917","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.3901","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39005","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37660"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37660","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37660"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2345113","reference_id":"2345113","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2345113"},{"reference_url":"https://w1.fi/cgit/hostap/commit/?id=15af83cf1846870873a011ed4d714732f01cd2e4","reference_id":"?id=15af83cf1846870873a011ed4d714732f01cd2e4","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-13T14:18:13Z/"}],"url":"https://w1.fi/cgit/hostap/commit/?id=15af83cf1846870873a011ed4d714732f01cd2e4"},{"reference_url":"https://link.springer.com/article/10.1007/s10207-025-00988-3","reference_id":"s10207-025-00988-3","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-13T14:18:13Z/"}],"url":"https://link.springer.com/article/10.1007/s10207-025-00988-3"},{"reference_url":"https://usn.ubuntu.com/7317-1/","reference_id":"USN-7317-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7317-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135450?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2022-37660"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1eva-m1zn-dbbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105892?format=json","vulnerability_id":"VCID-27hh-ygby-hyh9","summary":"Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small \"TLS Message Length\" value in an EAP-TLS message with the \"More Fragments\" flag set.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4445.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4445.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4445","reference_id":"","reference_type":"","scores":[{"value":"0.05318","scoring_system":"epss","scoring_elements":"0.9021","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05318","scoring_system":"epss","scoring_elements":"0.90226","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05318","scoring_system":"epss","scoring_elements":"0.90224","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4445"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4445","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4445"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689990","reference_id":"689990","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689990"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=859918","reference_id":"859918","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=859918"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135396?format=json","purl":"pkg:deb/debian/wpa@1.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@1.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2012-4445"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-27hh-ygby-hyh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6248?format=json","vulnerability_id":"VCID-2pae-t1zg-d7dy","summary":"information disclosure","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14526.json","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14526.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14526","reference_id":"","reference_type":"","scores":[{"value":"0.00964","scoring_system":"epss","scoring_elements":"0.76928","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01209","scoring_system":"epss","scoring_elements":"0.79306","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01209","scoring_system":"epss","scoring_elements":"0.79333","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14526"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1614520","reference_id":"1614520","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1614520"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905739","reference_id":"905739","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905739"},{"reference_url":"https://security.archlinux.org/AVG-752","reference_id":"AVG-752","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-752"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3107","reference_id":"RHSA-2018:3107","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3107"},{"reference_url":"https://usn.ubuntu.com/3745-1/","reference_id":"USN-3745-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3745-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135429?format=json","purl":"pkg:deb/debian/wpa@2:2.6-18?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.6-18%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2018-14526"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2pae-t1zg-d7dy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105904?format=json","vulnerability_id":"VCID-2u68-nqzd-pqcu","summary":"The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5316.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5316.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5316","reference_id":"","reference_type":"","scores":[{"value":"0.01524","scoring_system":"epss","scoring_elements":"0.81597","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01524","scoring_system":"epss","scoring_elements":"0.81627","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01524","scoring_system":"epss","scoring_elements":"0.81628","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5316"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277865","reference_id":"1277865","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277865"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804710","reference_id":"804710","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804710"},{"reference_url":"https://usn.ubuntu.com/2808-1/","reference_id":"USN-2808-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2808-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135404?format=json","purl":"pkg:deb/debian/wpa@2.3-2.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2015-5316"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2u68-nqzd-pqcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105219?format=json","vulnerability_id":"VCID-57qp-9n3e-g7g7","summary":"wpa_supplicant: SAE side channel attacks as a result of cache access patterns","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23303.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23303.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23303","reference_id":"","reference_type":"","scores":[{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.61192","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.61241","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.61248","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23303"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2044602","reference_id":"2044602","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2044602"},{"reference_url":"https://security.gentoo.org/glsa/202309-16","reference_id":"GLSA-202309-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202309-16"},{"reference_url":"https://usn.ubuntu.com/7317-1/","reference_id":"USN-7317-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7317-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135450?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135449?format=json","purl":"pkg:deb/debian/wpa@2:2.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2022-23303"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-57qp-9n3e-g7g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5003?format=json","vulnerability_id":"VCID-5uqd-9srx-buhb","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27803.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27803.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27803","reference_id":"","reference_type":"","scores":[{"value":"0.00827","scoring_system":"epss","scoring_elements":"0.74873","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00827","scoring_system":"epss","scoring_elements":"0.74843","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00827","scoring_system":"epss","scoring_elements":"0.74879","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12695","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12695"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0326","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0326"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27803"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch","reference_id":"0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-18T14:57:24Z/"}],"url":"https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/02/27/1","reference_id":"1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-18T14:57:24Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/02/27/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1933361","reference_id":"1933361","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1933361"},{"reference_url":"https://www.openwall.com/lists/oss-security/2021/02/25/3","reference_id":"3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-18T14:57:24Z/"}],"url":"https://www.openwall.com/lists/oss-security/2021/02/25/3"},{"reference_url":"https://security.archlinux.org/AVG-1626","reference_id":"AVG-1626","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1626"},{"reference_url":"https://www.debian.org/security/2021/dsa-4898","reference_id":"dsa-4898","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-18T14:57:24Z/"}],"url":"https://www.debian.org/security/2021/dsa-4898"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZGUR5XFHATVXTRAEJMODS7ROYHA56NX/","reference_id":"IZGUR5XFHATVXTRAEJMODS7ROYHA56NX","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-18T14:57:24Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZGUR5XFHATVXTRAEJMODS7ROYHA56NX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KOGP2VIVVXXQ6CZ2HU4DKGPDB4WR24XF/","reference_id":"KOGP2VIVVXXQ6CZ2HU4DKGPDB4WR24XF","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-18T14:57:24Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KOGP2VIVVXXQ6CZ2HU4DKGPDB4WR24XF/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/03/msg00003.html","reference_id":"msg00003.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-18T14:57:24Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/03/msg00003.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0808","reference_id":"RHSA-2021:0808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0808"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0809","reference_id":"RHSA-2021:0809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0816","reference_id":"RHSA-2021:0816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0818","reference_id":"RHSA-2021:0818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0818"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SEHS2CFGH3KCSNPHBHNGN5SGV6QPMLZ4/","reference_id":"SEHS2CFGH3KCSNPHBHNGN5SGV6QPMLZ4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-18T14:57:24Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SEHS2CFGH3KCSNPHBHNGN5SGV6QPMLZ4/"},{"reference_url":"https://usn.ubuntu.com/4757-1/","reference_id":"USN-4757-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4757-1/"},{"reference_url":"https://usn.ubuntu.com/4757-2/","reference_id":"USN-4757-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4757-2/"},{"reference_url":"https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt","reference_id":"wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-18T14:57:24Z/"}],"url":"https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135447?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2021-27803"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5uqd-9srx-buhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105913?format=json","vulnerability_id":"VCID-64pb-r9pk-3bfk","summary":"The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13377.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13377.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13377","reference_id":"","reference_type":"","scores":[{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.69263","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.69303","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.69312","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13377"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13377","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13377"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16275","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16275"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1737665","reference_id":"1737665","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1737665"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934180","reference_id":"934180","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934180"},{"reference_url":"https://usn.ubuntu.com/4098-1/","reference_id":"USN-4098-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4098-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135434?format=json","purl":"pkg:deb/debian/wpa@2:2.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2019-13377"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-64pb-r9pk-3bfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105217?format=json","vulnerability_id":"VCID-6jb3-mw38-gqaf","summary":"wpa_supplicant: EAP-pwd side-channel attacks as a result of cache access patterns","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23304.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23304.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23304","reference_id":"","reference_type":"","scores":[{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26135","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26239","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26232","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23304"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2044599","reference_id":"2044599","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2044599"},{"reference_url":"https://security.gentoo.org/glsa/202309-16","reference_id":"GLSA-202309-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202309-16"},{"reference_url":"https://usn.ubuntu.com/7317-1/","reference_id":"USN-7317-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7317-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135450?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135449?format=json","purl":"pkg:deb/debian/wpa@2:2.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2022-23304"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6jb3-mw38-gqaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91225?format=json","vulnerability_id":"VCID-7fuh-9z2r-ekee","summary":"wpa_supplicant: potential authorization bypass","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52160.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52160.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-52160","reference_id":"","reference_type":"","scores":[{"value":"0.0417","scoring_system":"epss","scoring_elements":"0.88899","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-52160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52160","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52160"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064061","reference_id":"1064061","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064061"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2264593","reference_id":"2264593","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2264593"},{"reference_url":"https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c","reference_id":"?id=8e6485a1bcb0baffdea9e55255a81270b768439c","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T19:43:25Z/"}],"url":"https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html","reference_id":"msg00013.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T19:43:25Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/","reference_id":"N46C4DTVUWK336OYDA4LGALSC5VVPTCC","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T19:43:25Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU6IR4KV3ZXJZLK2BY7HAHGZNCP7FPNI/","reference_id":"QU6IR4KV3ZXJZLK2BY7HAHGZNCP7FPNI","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T19:43:25Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU6IR4KV3ZXJZLK2BY7HAHGZNCP7FPNI/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2517","reference_id":"RHSA-2024:2517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2517"},{"reference_url":"https://www.top10vpn.com/research/wifi-vulnerabilities/","reference_id":"wifi-vulnerabilities","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T19:43:25Z/"}],"url":"https://www.top10vpn.com/research/wifi-vulnerabilities/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135458?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135457?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135459?format=json","purl":"pkg:deb/debian/wpa@2:2.10-21.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-21.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2023-52160"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7fuh-9z2r-ekee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6440?format=json","vulnerability_id":"VCID-7kes-xst7-z3d3","summary":"man-in-the-middle","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13086.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13086.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-13086","reference_id":"","reference_type":"","scores":[{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64663","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64673","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64622","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-13086"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:L/Au:N/C:C/I:C/A:N"},{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500302","reference_id":"1500302","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500302"},{"reference_url":"https://security.archlinux.org/AVG-453","reference_id":"AVG-453","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-453"},{"reference_url":"https://security.archlinux.org/AVG-454","reference_id":"AVG-454","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-454"},{"reference_url":"https://security.gentoo.org/glsa/201711-03","reference_id":"GLSA-201711-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201711-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2907","reference_id":"RHSA-2017:2907","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2907"},{"reference_url":"https://usn.ubuntu.com/3455-1/","reference_id":"USN-3455-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3455-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135417?format=json","purl":"pkg:deb/debian/wpa@2:2.4-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2017-13086"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7kes-xst7-z3d3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6444?format=json","vulnerability_id":"VCID-7q6k-mpk6-t7bv","summary":"man-in-the-middle","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13082.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13082.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-13082","reference_id":"","reference_type":"","scores":[{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62914","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62924","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62872","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-13082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:L/Au:N/C:C/I:C/A:N"},{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1491698","reference_id":"1491698","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1491698"},{"reference_url":"https://security.archlinux.org/ASA-201710-22","reference_id":"ASA-201710-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-22"},{"reference_url":"https://security.archlinux.org/ASA-201710-23","reference_id":"ASA-201710-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-23"},{"reference_url":"https://security.archlinux.org/AVG-447","reference_id":"AVG-447","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-447"},{"reference_url":"https://security.archlinux.org/AVG-448","reference_id":"AVG-448","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-448"},{"reference_url":"https://security.gentoo.org/glsa/201711-03","reference_id":"GLSA-201711-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201711-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2907","reference_id":"RHSA-2017:2907","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2907"},{"reference_url":"https://usn.ubuntu.com/3455-1/","reference_id":"USN-3455-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3455-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135417?format=json","purl":"pkg:deb/debian/wpa@2:2.4-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2017-13082"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7q6k-mpk6-t7bv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105895?format=json","vulnerability_id":"VCID-7y9t-7akx-afg7","summary":"The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4141.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4141.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4141","reference_id":"","reference_type":"","scores":[{"value":"0.01465","scoring_system":"epss","scoring_elements":"0.81221","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01465","scoring_system":"epss","scoring_elements":"0.81249","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01465","scoring_system":"epss","scoring_elements":"0.81251","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1221172","reference_id":"1221172","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1221172"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787372","reference_id":"787372","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787372"},{"reference_url":"https://security.gentoo.org/glsa/201606-17","reference_id":"GLSA-201606-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-17"},{"reference_url":"https://usn.ubuntu.com/2650-1/","reference_id":"USN-2650-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2650-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135399?format=json","purl":"pkg:deb/debian/wpa@2.3-2.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2015-4141"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7y9t-7akx-afg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6445?format=json","vulnerability_id":"VCID-84gv-j3vy-kbhp","summary":"man-in-the-middle","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13081.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13081.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-13081","reference_id":"","reference_type":"","scores":[{"value":"0.0111","scoring_system":"epss","scoring_elements":"0.78508","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0111","scoring_system":"epss","scoring_elements":"0.78517","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0111","scoring_system":"epss","scoring_elements":"0.78482","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-13081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:L/Au:N/C:C/I:C/A:N"},{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1491697","reference_id":"1491697","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1491697"},{"reference_url":"https://security.archlinux.org/ASA-201710-22","reference_id":"ASA-201710-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-22"},{"reference_url":"https://security.archlinux.org/ASA-201710-23","reference_id":"ASA-201710-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-23"},{"reference_url":"https://security.archlinux.org/AVG-447","reference_id":"AVG-447","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-447"},{"reference_url":"https://security.archlinux.org/AVG-448","reference_id":"AVG-448","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-448"},{"reference_url":"https://security.gentoo.org/glsa/201711-03","reference_id":"GLSA-201711-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201711-03"},{"reference_url":"https://usn.ubuntu.com/3455-1/","reference_id":"USN-3455-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3455-1/"},{"reference_url":"https://usn.ubuntu.com/3505-1/","reference_id":"USN-3505-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3505-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135417?format=json","purl":"pkg:deb/debian/wpa@2:2.4-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2017-13081"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-84gv-j3vy-kbhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105902?format=json","vulnerability_id":"VCID-8d56-3k4a-c7hy","summary":"The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5314","reference_id":"","reference_type":"","scores":[{"value":"0.0115","scoring_system":"epss","scoring_elements":"0.78829","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0115","scoring_system":"epss","scoring_elements":"0.78855","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0115","scoring_system":"epss","scoring_elements":"0.78862","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5314"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804708","reference_id":"804708","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804708"},{"reference_url":"https://usn.ubuntu.com/2808-1/","reference_id":"USN-2808-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2808-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135404?format=json","purl":"pkg:deb/debian/wpa@2.3-2.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2015-5314"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8d56-3k4a-c7hy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105918?format=json","vulnerability_id":"VCID-awmy-cpam-xqah","summary":"The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9495.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9495.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9495","reference_id":"","reference_type":"","scores":[{"value":"0.06885","scoring_system":"epss","scoring_elements":"0.91537","published_at":"2026-06-04T12:55:00Z"},{"value":"0.06885","scoring_system":"epss","scoring_elements":"0.9155","published_at":"2026-06-05T12:55:00Z"},{"value":"0.06885","scoring_system":"epss","scoring_elements":"0.91551","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9495"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9495","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9495"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9497","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9497"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9499"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1699149","reference_id":"1699149","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1699149"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801","reference_id":"926801","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801"},{"reference_url":"https://usn.ubuntu.com/3944-1/","reference_id":"USN-3944-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3944-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135441?format=json","purl":"pkg:deb/debian/wpa@2:2.7%2Bgit20190128%2B0c1e29f-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.7%252Bgit20190128%252B0c1e29f-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2019-9495"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-awmy-cpam-xqah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6448?format=json","vulnerability_id":"VCID-b8k9-3pnn-ekgs","summary":"man-in-the-middle","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13078.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13078.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-13078","reference_id":"","reference_type":"","scores":[{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74653","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74658","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74621","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-13078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:L/Au:N/C:C/I:C/A:N"},{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1491693","reference_id":"1491693","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1491693"},{"reference_url":"https://security.archlinux.org/ASA-201710-22","reference_id":"ASA-201710-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-22"},{"reference_url":"https://security.archlinux.org/ASA-201710-23","reference_id":"ASA-201710-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-23"},{"reference_url":"https://security.archlinux.org/AVG-447","reference_id":"AVG-447","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-447"},{"reference_url":"https://security.archlinux.org/AVG-448","reference_id":"AVG-448","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-448"},{"reference_url":"https://security.gentoo.org/glsa/201711-03","reference_id":"GLSA-201711-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201711-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2907","reference_id":"RHSA-2017:2907","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2907"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2911","reference_id":"RHSA-2017:2911","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2911"},{"reference_url":"https://usn.ubuntu.com/3455-1/","reference_id":"USN-3455-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3455-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135417?format=json","purl":"pkg:deb/debian/wpa@2:2.4-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2017-13078"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b8k9-3pnn-ekgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105905?format=json","vulnerability_id":"VCID-bugv-6pzr-tuhy","summary":"Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8041.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8041.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8041","reference_id":"","reference_type":"","scores":[{"value":"0.0158","scoring_system":"epss","scoring_elements":"0.81912","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0158","scoring_system":"epss","scoring_elements":"0.81946","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0158","scoring_system":"epss","scoring_elements":"0.81947","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1241905","reference_id":"1241905","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1241905"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795740","reference_id":"795740","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795740"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135399?format=json","purl":"pkg:deb/debian/wpa@2.3-2.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2015-8041"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bugv-6pzr-tuhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105899?format=json","vulnerability_id":"VCID-c1uc-msuh-bbgq","summary":"The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4145.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4145.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4145","reference_id":"","reference_type":"","scores":[{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.79284","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.7931","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.79315","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1219449","reference_id":"1219449","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1219449"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787371","reference_id":"787371","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787371"},{"reference_url":"https://security.gentoo.org/glsa/201606-17","reference_id":"GLSA-201606-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-17"},{"reference_url":"https://usn.ubuntu.com/2650-1/","reference_id":"USN-2650-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2650-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135399?format=json","purl":"pkg:deb/debian/wpa@2.3-2.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2015-4145"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c1uc-msuh-bbgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5690?format=json","vulnerability_id":"VCID-c6rb-kwrq-uubn","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-0326.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-0326.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-0326","reference_id":"","reference_type":"","scores":[{"value":"0.1638","scoring_system":"epss","scoring_elements":"0.94986","published_at":"2026-06-04T12:55:00Z"},{"value":"0.1638","scoring_system":"epss","scoring_elements":"0.94994","published_at":"2026-06-05T12:55:00Z"},{"value":"0.1638","scoring_system":"epss","scoring_elements":"0.94995","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-0326"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12695","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12695"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0326","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0326"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27803"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925152","reference_id":"1925152","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925152"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981971","reference_id":"981971","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981971"},{"reference_url":"https://security.archlinux.org/ASA-202102-25","reference_id":"ASA-202102-25","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202102-25"},{"reference_url":"https://security.archlinux.org/AVG-1530","reference_id":"AVG-1530","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1686","reference_id":"RHSA-2021:1686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1686"},{"reference_url":"https://usn.ubuntu.com/4734-1/","reference_id":"USN-4734-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4734-1/"},{"reference_url":"https://usn.ubuntu.com/4734-2/","reference_id":"USN-4734-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4734-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135446?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-17?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-17%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2021-0326"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c6rb-kwrq-uubn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105909?format=json","vulnerability_id":"VCID-cmpu-sjnc-qyc9","summary":"hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10064.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10064.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10064","reference_id":"","reference_type":"","scores":[{"value":"0.01405","scoring_system":"epss","scoring_elements":"0.80797","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01405","scoring_system":"epss","scoring_elements":"0.80825","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01405","scoring_system":"epss","scoring_elements":"0.80826","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10064"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1811069","reference_id":"1811069","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1811069"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135411?format=json","purl":"pkg:deb/debian/wpa@2:2.6-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.6-7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2019-10064"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cmpu-sjnc-qyc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105922?format=json","vulnerability_id":"VCID-d17v-v7yt-5kb3","summary":"The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9498.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9498.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9498","reference_id":"","reference_type":"","scores":[{"value":"0.00794","scoring_system":"epss","scoring_elements":"0.74298","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00794","scoring_system":"epss","scoring_elements":"0.74331","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00794","scoring_system":"epss","scoring_elements":"0.74336","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9495","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9495"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9497","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9497"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9499"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1699168","reference_id":"1699168","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1699168"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801","reference_id":"926801","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801"},{"reference_url":"https://usn.ubuntu.com/3944-1/","reference_id":"USN-3944-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3944-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135441?format=json","purl":"pkg:deb/debian/wpa@2:2.7%2Bgit20190128%2B0c1e29f-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.7%252Bgit20190128%252B0c1e29f-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2019-9498"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d17v-v7yt-5kb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84584?format=json","vulnerability_id":"VCID-d4vx-9hvu-mqhw","summary":"hostapd: RADIUS Packet Processing Flaw in hostapd","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24912.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24912.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24912","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10285","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10265","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24912"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2351487","reference_id":"2351487","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2351487"},{"reference_url":"https://w1.fi/hostapd/","reference_id":"hostapd","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T13:21:52Z/"}],"url":"https://w1.fi/hostapd/"},{"reference_url":"https://w1.fi/cgit/hostap/commit/?id=339a334551ca911187cc870f4f97ef08e11db109","reference_id":"?id=339a334551ca911187cc870f4f97ef08e11db109","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T13:21:52Z/"}],"url":"https://w1.fi/cgit/hostap/commit/?id=339a334551ca911187cc870f4f97ef08e11db109"},{"reference_url":"https://w1.fi/cgit/hostap/commit/?id=726432d7622cc0088ac353d073b59628b590ea44","reference_id":"?id=726432d7622cc0088ac353d073b59628b590ea44","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T13:21:52Z/"}],"url":"https://w1.fi/cgit/hostap/commit/?id=726432d7622cc0088ac353d073b59628b590ea44"},{"reference_url":"https://jvn.jp/en/jp/JVN19358384/","reference_id":"JVN19358384","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T13:21:52Z/"}],"url":"https://jvn.jp/en/jp/JVN19358384/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135392?format=json","purl":"pkg:deb/debian/wpa@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2025-24912"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d4vx-9hvu-mqhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105912?format=json","vulnerability_id":"VCID-dc5z-thyu-sqhb","summary":"The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11555.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11555.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11555","reference_id":"","reference_type":"","scores":[{"value":"0.09377","scoring_system":"epss","scoring_elements":"0.92932","published_at":"2026-06-04T12:55:00Z"},{"value":"0.09377","scoring_system":"epss","scoring_elements":"0.92942","published_at":"2026-06-05T12:55:00Z"},{"value":"0.09377","scoring_system":"epss","scoring_elements":"0.92939","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11555"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11555","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11555"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1703417","reference_id":"1703417","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1703417"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927463","reference_id":"927463","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927463"},{"reference_url":"https://security.gentoo.org/glsa/201908-25","reference_id":"GLSA-201908-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-25"},{"reference_url":"https://usn.ubuntu.com/3969-1/","reference_id":"USN-3969-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3969-1/"},{"reference_url":"https://usn.ubuntu.com/3969-2/","reference_id":"USN-3969-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3969-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135432?format=json","purl":"pkg:deb/debian/wpa@2:2.7%2Bgit20190128%2B0c1e29f-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.7%252Bgit20190128%252B0c1e29f-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2019-11555"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dc5z-thyu-sqhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6789?format=json","vulnerability_id":"VCID-dvkq-285n-9kaw","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4477.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4477.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4477","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32299","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32372","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32341","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4477"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332423","reference_id":"1332423","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332423"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823411","reference_id":"823411","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823411"},{"reference_url":"https://security.archlinux.org/ASA-201610-3","reference_id":"ASA-201610-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201610-3"},{"reference_url":"https://security.archlinux.org/ASA-201610-7","reference_id":"ASA-201610-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201610-7"},{"reference_url":"https://security.archlinux.org/AVG-10","reference_id":"AVG-10","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-10"},{"reference_url":"https://security.archlinux.org/AVG-11","reference_id":"AVG-11","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-11"},{"reference_url":"https://usn.ubuntu.com/3455-1/","reference_id":"USN-3455-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3455-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135413?format=json","purl":"pkg:deb/debian/wpa@2.3-2.4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2.4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2016-4477"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dvkq-285n-9kaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105903?format=json","vulnerability_id":"VCID-edpz-qhd8-jfez","summary":"The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5315.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5315.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5315","reference_id":"","reference_type":"","scores":[{"value":"0.0115","scoring_system":"epss","scoring_elements":"0.78829","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0115","scoring_system":"epss","scoring_elements":"0.78855","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0115","scoring_system":"epss","scoring_elements":"0.78862","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5315"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1278377","reference_id":"1278377","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1278377"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804708","reference_id":"804708","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804708"},{"reference_url":"https://usn.ubuntu.com/2808-1/","reference_id":"USN-2808-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2808-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135404?format=json","purl":"pkg:deb/debian/wpa@2.3-2.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2015-5315"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-edpz-qhd8-jfez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105896?format=json","vulnerability_id":"VCID-fwsj-n5rh-53h1","summary":"Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4142.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4142.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4142","reference_id":"","reference_type":"","scores":[{"value":"0.07071","scoring_system":"epss","scoring_elements":"0.91661","published_at":"2026-06-04T12:55:00Z"},{"value":"0.07071","scoring_system":"epss","scoring_elements":"0.91673","published_at":"2026-06-05T12:55:00Z"},{"value":"0.07071","scoring_system":"epss","scoring_elements":"0.91675","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1221178","reference_id":"1221178","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1221178"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787373","reference_id":"787373","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787373"},{"reference_url":"https://security.gentoo.org/glsa/201606-17","reference_id":"GLSA-201606-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1090","reference_id":"RHSA-2015:1090","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1090"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1439","reference_id":"RHSA-2015:1439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1439"},{"reference_url":"https://usn.ubuntu.com/2650-1/","reference_id":"USN-2650-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2650-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135399?format=json","purl":"pkg:deb/debian/wpa@2.3-2.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2015-4142"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fwsj-n5rh-53h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105901?format=json","vulnerability_id":"VCID-hxn4-6y6j-83cz","summary":"The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5310.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5310.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5310","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53929","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53987","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53994","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277857","reference_id":"1277857","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277857"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804707","reference_id":"804707","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804707"},{"reference_url":"https://usn.ubuntu.com/2808-1/","reference_id":"USN-2808-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2808-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135404?format=json","purl":"pkg:deb/debian/wpa@2.3-2.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2015-5310"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hxn4-6y6j-83cz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105915?format=json","vulnerability_id":"VCID-kj7b-sur9-hfhb","summary":"An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5061","reference_id":"","reference_type":"","scores":[{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52699","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52758","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52764","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5061"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5061","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5061"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135439?format=json","purl":"pkg:deb/debian/wpa@2:2.9%2Bgit20200213%2B877d9a0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9%252Bgit20200213%252B877d9a0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2019-5061"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kj7b-sur9-hfhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105898?format=json","vulnerability_id":"VCID-kyvg-q58s-cfff","summary":"The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4144.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4144.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4144","reference_id":"","reference_type":"","scores":[{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.79284","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.7931","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.79315","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1219449","reference_id":"1219449","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1219449"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787371","reference_id":"787371","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787371"},{"reference_url":"https://security.gentoo.org/glsa/201606-17","reference_id":"GLSA-201606-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-17"},{"reference_url":"https://usn.ubuntu.com/2650-1/","reference_id":"USN-2650-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2650-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135399?format=json","purl":"pkg:deb/debian/wpa@2.3-2.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2015-4144"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kyvg-q58s-cfff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105923?format=json","vulnerability_id":"VCID-m6c2-crap-b3b7","summary":"The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9499.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9499.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9499","reference_id":"","reference_type":"","scores":[{"value":"0.00794","scoring_system":"epss","scoring_elements":"0.74298","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00794","scoring_system":"epss","scoring_elements":"0.74331","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00794","scoring_system":"epss","scoring_elements":"0.74336","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9495","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9495"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9497","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9497"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9499"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1699170","reference_id":"1699170","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1699170"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801","reference_id":"926801","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801"},{"reference_url":"https://usn.ubuntu.com/3944-1/","reference_id":"USN-3944-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3944-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135441?format=json","purl":"pkg:deb/debian/wpa@2:2.7%2Bgit20190128%2B0c1e29f-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.7%252Bgit20190128%252B0c1e29f-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2019-9499"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m6c2-crap-b3b7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105897?format=json","vulnerability_id":"VCID-mwc1-rpqz-uqcj","summary":"The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4143.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4143.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4143","reference_id":"","reference_type":"","scores":[{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.79284","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.7931","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.79315","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4143"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1219449","reference_id":"1219449","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1219449"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787371","reference_id":"787371","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787371"},{"reference_url":"https://security.gentoo.org/glsa/201606-17","reference_id":"GLSA-201606-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-17"},{"reference_url":"https://usn.ubuntu.com/2650-1/","reference_id":"USN-2650-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2650-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135399?format=json","purl":"pkg:deb/debian/wpa@2.3-2.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2015-4143"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mwc1-rpqz-uqcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6446?format=json","vulnerability_id":"VCID-n7rh-f4mj-jbdq","summary":"man-in-the-middle","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13080.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13080.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-13080","reference_id":"","reference_type":"","scores":[{"value":"0.00948","scoring_system":"epss","scoring_elements":"0.76734","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00948","scoring_system":"epss","scoring_elements":"0.7674","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00948","scoring_system":"epss","scoring_elements":"0.76704","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-13080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:L/Au:N/C:C/I:C/A:N"},{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1491696","reference_id":"1491696","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1491696"},{"reference_url":"https://security.archlinux.org/ASA-201710-22","reference_id":"ASA-201710-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-22"},{"reference_url":"https://security.archlinux.org/ASA-201710-23","reference_id":"ASA-201710-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-23"},{"reference_url":"https://security.archlinux.org/AVG-447","reference_id":"AVG-447","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-447"},{"reference_url":"https://security.archlinux.org/AVG-448","reference_id":"AVG-448","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-448"},{"reference_url":"https://security.gentoo.org/glsa/201711-03","reference_id":"GLSA-201711-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201711-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2907","reference_id":"RHSA-2017:2907","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2907"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2911","reference_id":"RHSA-2017:2911","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2911"},{"reference_url":"https://usn.ubuntu.com/3455-1/","reference_id":"USN-3455-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3455-1/"},{"reference_url":"https://usn.ubuntu.com/3505-1/","reference_id":"USN-3505-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3505-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135417?format=json","purl":"pkg:deb/debian/wpa@2:2.4-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2017-13080"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n7rh-f4mj-jbdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105914?format=json","vulnerability_id":"VCID-p4b2-1g26-nkd2","summary":"hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16275.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16275.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16275","reference_id":"","reference_type":"","scores":[{"value":"0.00626","scoring_system":"epss","scoring_elements":"0.70594","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00626","scoring_system":"epss","scoring_elements":"0.70636","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00626","scoring_system":"epss","scoring_elements":"0.70645","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13377","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13377"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16275","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16275"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1767023","reference_id":"1767023","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1767023"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940080","reference_id":"940080","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940080"},{"reference_url":"https://usn.ubuntu.com/4136-1/","reference_id":"USN-4136-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4136-1/"},{"reference_url":"https://usn.ubuntu.com/4136-2/","reference_id":"USN-4136-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4136-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135436?format=json","purl":"pkg:deb/debian/wpa@2:2.9-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2019-16275"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p4b2-1g26-nkd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6449?format=json","vulnerability_id":"VCID-p6m7-m2w8-uybh","summary":"man-in-the-middle","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13077.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13077.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-13077","reference_id":"","reference_type":"","scores":[{"value":"0.00661","scoring_system":"epss","scoring_elements":"0.71565","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00661","scoring_system":"epss","scoring_elements":"0.71571","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00661","scoring_system":"epss","scoring_elements":"0.71521","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-13077"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:L/Au:N/C:C/I:C/A:N"},{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1491692","reference_id":"1491692","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1491692"},{"reference_url":"https://security.archlinux.org/ASA-201710-22","reference_id":"ASA-201710-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-22"},{"reference_url":"https://security.archlinux.org/ASA-201710-23","reference_id":"ASA-201710-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-23"},{"reference_url":"https://security.archlinux.org/AVG-447","reference_id":"AVG-447","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-447"},{"reference_url":"https://security.archlinux.org/AVG-448","reference_id":"AVG-448","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-448"},{"reference_url":"https://security.gentoo.org/glsa/201711-03","reference_id":"GLSA-201711-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201711-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2907","reference_id":"RHSA-2017:2907","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2907"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2911","reference_id":"RHSA-2017:2911","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2911"},{"reference_url":"https://usn.ubuntu.com/3455-1/","reference_id":"USN-3455-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3455-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135417?format=json","purl":"pkg:deb/debian/wpa@2:2.4-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2017-13077"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p6m7-m2w8-uybh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6790?format=json","vulnerability_id":"VCID-qv3p-mcnx-gfh9","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4476.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4476.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4476","reference_id":"","reference_type":"","scores":[{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71683","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71724","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.7173","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4476"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4476","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4476"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332422","reference_id":"1332422","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332422"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823411","reference_id":"823411","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823411"},{"reference_url":"https://security.archlinux.org/ASA-201610-3","reference_id":"ASA-201610-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201610-3"},{"reference_url":"https://security.archlinux.org/ASA-201610-7","reference_id":"ASA-201610-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201610-7"},{"reference_url":"https://security.archlinux.org/AVG-10","reference_id":"AVG-10","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-10"},{"reference_url":"https://security.archlinux.org/AVG-11","reference_id":"AVG-11","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-11"},{"reference_url":"https://usn.ubuntu.com/3455-1/","reference_id":"USN-3455-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3455-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135413?format=json","purl":"pkg:deb/debian/wpa@2.3-2.4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2.4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2016-4476"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qv3p-mcnx-gfh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105900?format=json","vulnerability_id":"VCID-s7gm-17ms-53fd","summary":"The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4146.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4146.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4146","reference_id":"","reference_type":"","scores":[{"value":"0.01312","scoring_system":"epss","scoring_elements":"0.80156","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01312","scoring_system":"epss","scoring_elements":"0.80182","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01312","scoring_system":"epss","scoring_elements":"0.80186","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4143"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5314"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5315"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5316"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1219449","reference_id":"1219449","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1219449"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787371","reference_id":"787371","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787371"},{"reference_url":"https://security.gentoo.org/glsa/201606-17","reference_id":"GLSA-201606-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-17"},{"reference_url":"https://usn.ubuntu.com/2650-1/","reference_id":"USN-2650-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2650-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135399?format=json","purl":"pkg:deb/debian/wpa@2.3-2.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2015-4146"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s7gm-17ms-53fd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6443?format=json","vulnerability_id":"VCID-s91q-7xur-gudp","summary":"man-in-the-middle","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13087.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13087.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-13087","reference_id":"","reference_type":"","scores":[{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.64314","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.64323","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.6427","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-13087"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:L/Au:N/C:C/I:C/A:N"},{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500303","reference_id":"1500303","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500303"},{"reference_url":"https://security.archlinux.org/ASA-201710-22","reference_id":"ASA-201710-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-22"},{"reference_url":"https://security.archlinux.org/ASA-201710-23","reference_id":"ASA-201710-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-23"},{"reference_url":"https://security.archlinux.org/AVG-447","reference_id":"AVG-447","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-447"},{"reference_url":"https://security.archlinux.org/AVG-448","reference_id":"AVG-448","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-448"},{"reference_url":"https://security.gentoo.org/glsa/201711-03","reference_id":"GLSA-201711-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201711-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2907","reference_id":"RHSA-2017:2907","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2907"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2911","reference_id":"RHSA-2017:2911","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2911"},{"reference_url":"https://usn.ubuntu.com/3455-1/","reference_id":"USN-3455-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3455-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135417?format=json","purl":"pkg:deb/debian/wpa@2:2.4-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2017-13087"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s91q-7xur-gudp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105921?format=json","vulnerability_id":"VCID-sz7g-jw53-yyf1","summary":"The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9497.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9497.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9497","reference_id":"","reference_type":"","scores":[{"value":"0.11468","scoring_system":"epss","scoring_elements":"0.93741","published_at":"2026-06-04T12:55:00Z"},{"value":"0.11468","scoring_system":"epss","scoring_elements":"0.9375","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9497"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9495","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9495"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9497","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9497"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9499"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1699164","reference_id":"1699164","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1699164"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801","reference_id":"926801","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801"},{"reference_url":"https://usn.ubuntu.com/3944-1/","reference_id":"USN-3944-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3944-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135441?format=json","purl":"pkg:deb/debian/wpa@2:2.7%2Bgit20190128%2B0c1e29f-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.7%252Bgit20190128%252B0c1e29f-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2019-9497"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sz7g-jw53-yyf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105891?format=json","vulnerability_id":"VCID-tbzj-2v9t-myce","summary":"hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2389","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.1533","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15415","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15405","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2389"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135392?format=json","purl":"pkg:deb/debian/wpa@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2012-2389"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tbzj-2v9t-myce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105893?format=json","vulnerability_id":"VCID-ttwt-unqp-mbec","summary":"wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3686.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3686.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3686","reference_id":"","reference_type":"","scores":[{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89329","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89348","published_at":"2026-06-05T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89349","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3686"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3686","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3686"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1151259","reference_id":"1151259","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1151259"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765352","reference_id":"765352","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765352"},{"reference_url":"https://security.gentoo.org/glsa/201606-17","reference_id":"GLSA-201606-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1956","reference_id":"RHSA-2014:1956","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1956"},{"reference_url":"https://usn.ubuntu.com/2383-1/","reference_id":"USN-2383-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2383-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135397?format=json","purl":"pkg:deb/debian/wpa@2.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2014-3686"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ttwt-unqp-mbec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89331?format=json","vulnerability_id":"VCID-up8e-3hxu-73ah","summary":"wpa_supplicant: wpa_supplicant loading arbitrary shared objects allowing privilege escalation","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5290.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5290.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-5290","reference_id":"","reference_type":"","scores":[{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54167","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54159","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5290"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613","reference_id":"2067613","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-18T15:37:32Z/"}],"url":"https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2303402","reference_id":"2303402","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2303402"},{"reference_url":"https://snyk.io/blog/abusing-ubuntu-root-privilege-escalation/","reference_id":"abusing-ubuntu-root-privilege-escalation","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-18T15:37:32Z/"}],"url":"https://snyk.io/blog/abusing-ubuntu-root-privilege-escalation/"},{"reference_url":"https://ubuntu.com/security/notices/USN-6945-1","reference_id":"USN-6945-1","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-18T15:37:32Z/"}],"url":"https://ubuntu.com/security/notices/USN-6945-1"},{"reference_url":"https://usn.ubuntu.com/6945-1/","reference_id":"USN-6945-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6945-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135460?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135461?format=json","purl":"pkg:deb/debian/wpa@2:2.10-22?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-22%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2024-5290"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-up8e-3hxu-73ah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105894?format=json","vulnerability_id":"VCID-uyg6-fyc7-fqf5","summary":"Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1863.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1863.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1863","reference_id":"","reference_type":"","scores":[{"value":"0.08546","scoring_system":"epss","scoring_elements":"0.92538","published_at":"2026-06-04T12:55:00Z"},{"value":"0.08546","scoring_system":"epss","scoring_elements":"0.92551","published_at":"2026-06-05T12:55:00Z"},{"value":"0.08546","scoring_system":"epss","scoring_elements":"0.92547","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1863"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1863","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1863"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.2","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:H/Au:N/C:N/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1211191","reference_id":"1211191","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1211191"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783148","reference_id":"783148","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783148"},{"reference_url":"https://security.gentoo.org/glsa/201606-17","reference_id":"GLSA-201606-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1090","reference_id":"RHSA-2015:1090","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1090"},{"reference_url":"https://usn.ubuntu.com/2577-1/","reference_id":"USN-2577-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2577-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135398?format=json","purl":"pkg:deb/debian/wpa@2.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2015-1863"],"risk_score":0.8,"exploitability":"0.5","weighted_severity":"1.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uyg6-fyc7-fqf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6442?format=json","vulnerability_id":"VCID-vgs9-juev-53d2","summary":"man-in-the-middle","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13088.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13088.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-13088","reference_id":"","reference_type":"","scores":[{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.64314","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.64323","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.6427","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-13088"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:L/Au:N/C:C/I:C/A:N"},{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500304","reference_id":"1500304","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500304"},{"reference_url":"https://security.archlinux.org/ASA-201710-22","reference_id":"ASA-201710-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-22"},{"reference_url":"https://security.archlinux.org/ASA-201710-23","reference_id":"ASA-201710-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-23"},{"reference_url":"https://security.archlinux.org/AVG-447","reference_id":"AVG-447","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-447"},{"reference_url":"https://security.archlinux.org/AVG-448","reference_id":"AVG-448","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-448"},{"reference_url":"https://security.gentoo.org/glsa/201711-03","reference_id":"GLSA-201711-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201711-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2907","reference_id":"RHSA-2017:2907","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2907"},{"reference_url":"https://usn.ubuntu.com/3455-1/","reference_id":"USN-3455-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3455-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135417?format=json","purl":"pkg:deb/debian/wpa@2:2.4-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2017-13088"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vgs9-juev-53d2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105917?format=json","vulnerability_id":"VCID-w1t7-99j6-ducn","summary":"The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9494.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9494.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9494","reference_id":"","reference_type":"","scores":[{"value":"0.01518","scoring_system":"epss","scoring_elements":"0.81562","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01518","scoring_system":"epss","scoring_elements":"0.81591","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01518","scoring_system":"epss","scoring_elements":"0.81593","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9494"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1699141","reference_id":"1699141","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1699141"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801","reference_id":"926801","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926801"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135441?format=json","purl":"pkg:deb/debian/wpa@2:2.7%2Bgit20190128%2B0c1e29f-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.7%252Bgit20190128%252B0c1e29f-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2019-9494"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w1t7-99j6-ducn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72109?format=json","vulnerability_id":"VCID-w27s-tf26-t7fb","summary":"The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12695.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12695.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12695","reference_id":"","reference_type":"","scores":[{"value":"0.03982","scoring_system":"epss","scoring_elements":"0.88612","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03982","scoring_system":"epss","scoring_elements":"0.8863","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03982","scoring_system":"epss","scoring_elements":"0.88631","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12695"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12695","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12695"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0326","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0326"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27803"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1846006","reference_id":"1846006","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1846006"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976106","reference_id":"976106","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976106"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976594","reference_id":"976594","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976594"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983206","reference_id":"983206","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983206"},{"reference_url":"https://security.archlinux.org/ASA-202012-16","reference_id":"ASA-202012-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202012-16"},{"reference_url":"https://security.archlinux.org/AVG-1322","reference_id":"AVG-1322","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1322"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1789","reference_id":"RHSA-2021:1789","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1789"},{"reference_url":"https://usn.ubuntu.com/4494-1/","reference_id":"USN-4494-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4494-1/"},{"reference_url":"https://usn.ubuntu.com/4722-1/","reference_id":"USN-4722-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4722-1/"},{"reference_url":"https://usn.ubuntu.com/4734-1/","reference_id":"USN-4734-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4734-1/"},{"reference_url":"https://usn.ubuntu.com/4734-2/","reference_id":"USN-4734-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4734-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135444?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-16?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-16%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2020-12695"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w27s-tf26-t7fb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6447?format=json","vulnerability_id":"VCID-yj2a-e823-nyfw","summary":"man-in-the-middle","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13079.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13079.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-13079","reference_id":"","reference_type":"","scores":[{"value":"0.01012","scoring_system":"epss","scoring_elements":"0.77497","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01012","scoring_system":"epss","scoring_elements":"0.77506","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01012","scoring_system":"epss","scoring_elements":"0.77469","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-13079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:L/Au:N/C:C/I:C/A:N"},{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1491694","reference_id":"1491694","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1491694"},{"reference_url":"https://security.archlinux.org/ASA-201710-22","reference_id":"ASA-201710-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-22"},{"reference_url":"https://security.archlinux.org/ASA-201710-23","reference_id":"ASA-201710-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-23"},{"reference_url":"https://security.archlinux.org/AVG-447","reference_id":"AVG-447","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-447"},{"reference_url":"https://security.archlinux.org/AVG-448","reference_id":"AVG-448","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-448"},{"reference_url":"https://security.gentoo.org/glsa/201711-03","reference_id":"GLSA-201711-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201711-03"},{"reference_url":"https://usn.ubuntu.com/3455-1/","reference_id":"USN-3455-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3455-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135417?format=json","purl":"pkg:deb/debian/wpa@2:2.4-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2017-13079"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yj2a-e823-nyfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105906?format=json","vulnerability_id":"VCID-yv7z-2x73-xygy","summary":"hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10743.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10743.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10743","reference_id":"","reference_type":"","scores":[{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62879","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62921","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.6293","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10743"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1811037","reference_id":"1811037","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1811037"},{"reference_url":"https://usn.ubuntu.com/3944-1/","reference_id":"USN-3944-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3944-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/135411?format=json","purl":"pkg:deb/debian/wpa@2:2.6-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.6-7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135393?format=json","purl":"pkg:deb/debian/wpa@2:2.9.0-21%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135391?format=json","purl":"pkg:deb/debian/wpa@2:2.10-12%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-12%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135395?format=json","purl":"pkg:deb/debian/wpa@2:2.10-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/135394?format=json","purl":"pkg:deb/debian/wpa@2:2.10-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.10-25%3Fdistro=trixie"}],"aliases":["CVE-2016-10743"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yv7z-2x73-xygy"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.9.0-21%252Bdeb11u2%3Fdistro=trixie"}