| 0 |
| url |
VCID-1ba4-zp3t-j7b7 |
| vulnerability_id |
VCID-1ba4-zp3t-j7b7 |
| summary |
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-9496 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0487 |
| scoring_system |
epss |
| scoring_elements |
0.89738 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.0487 |
| scoring_system |
epss |
| scoring_elements |
0.89754 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.0487 |
| scoring_system |
epss |
| scoring_elements |
0.89771 |
| published_at |
2026-06-09T12:55:00Z |
|
| 3 |
| value |
0.0487 |
| scoring_system |
epss |
| scoring_elements |
0.89756 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.0487 |
| scoring_system |
epss |
| scoring_elements |
0.89755 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-9496 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-9496
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| url |
VCID-1eva-m1zn-dbbs |
| vulnerability_id |
VCID-1eva-m1zn-dbbs |
| summary |
hostapd: Public Key Exchange (PKEX) Reuse Vulnerability in hostapd |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-37660 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.38917 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.38966 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39005 |
| published_at |
2026-06-05T12:55:00Z |
|
| 3 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.3901 |
| published_at |
2026-06-06T12:55:00Z |
|
| 4 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.38981 |
| published_at |
2026-06-07T12:55:00Z |
|
| 5 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.38954 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-37660 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-37660
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1eva-m1zn-dbbs |
|
| 2 |
| url |
VCID-2pae-t1zg-d7dy |
| vulnerability_id |
VCID-2pae-t1zg-d7dy |
| summary |
information disclosure |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-14526 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00964 |
| scoring_system |
epss |
| scoring_elements |
0.76928 |
| published_at |
2026-06-06T12:55:00Z |
|
| 1 |
| value |
0.00964 |
| scoring_system |
epss |
| scoring_elements |
0.76916 |
| published_at |
2026-06-07T12:55:00Z |
|
| 2 |
| value |
0.00964 |
| scoring_system |
epss |
| scoring_elements |
0.76927 |
| published_at |
2026-06-09T12:55:00Z |
|
| 3 |
| value |
0.00964 |
| scoring_system |
epss |
| scoring_elements |
0.76905 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.01209 |
| scoring_system |
epss |
| scoring_elements |
0.79333 |
| published_at |
2026-06-05T12:55:00Z |
|
| 5 |
| value |
0.01209 |
| scoring_system |
epss |
| scoring_elements |
0.79306 |
| published_at |
2026-06-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-14526 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-14526
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2pae-t1zg-d7dy |
|
| 3 |
| url |
VCID-2u68-nqzd-pqcu |
| vulnerability_id |
VCID-2u68-nqzd-pqcu |
| summary |
The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5316 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01524 |
| scoring_system |
epss |
| scoring_elements |
0.81597 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01524 |
| scoring_system |
epss |
| scoring_elements |
0.81627 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.01524 |
| scoring_system |
epss |
| scoring_elements |
0.81628 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.01524 |
| scoring_system |
epss |
| scoring_elements |
0.81622 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.01524 |
| scoring_system |
epss |
| scoring_elements |
0.81636 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5316 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
|
| aliases |
CVE-2015-5316
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2u68-nqzd-pqcu |
|
| 4 |
| url |
VCID-57qp-9n3e-g7g7 |
| vulnerability_id |
VCID-57qp-9n3e-g7g7 |
| summary |
wpa_supplicant: SAE side channel attacks as a result of cache access patterns |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-23303 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00403 |
| scoring_system |
epss |
| scoring_elements |
0.61192 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00403 |
| scoring_system |
epss |
| scoring_elements |
0.61241 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00403 |
| scoring_system |
epss |
| scoring_elements |
0.61248 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00403 |
| scoring_system |
epss |
| scoring_elements |
0.61235 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00403 |
| scoring_system |
epss |
| scoring_elements |
0.61217 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00403 |
| scoring_system |
epss |
| scoring_elements |
0.61237 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-23303 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-23303
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-57qp-9n3e-g7g7 |
|
| 5 |
| url |
VCID-5uqd-9srx-buhb |
| vulnerability_id |
VCID-5uqd-9srx-buhb |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27803 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00827 |
| scoring_system |
epss |
| scoring_elements |
0.74843 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00827 |
| scoring_system |
epss |
| scoring_elements |
0.74879 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.00827 |
| scoring_system |
epss |
| scoring_elements |
0.74873 |
| published_at |
2026-06-05T12:55:00Z |
|
| 3 |
| value |
0.00827 |
| scoring_system |
epss |
| scoring_elements |
0.74881 |
| published_at |
2026-06-09T12:55:00Z |
|
| 4 |
| value |
0.00827 |
| scoring_system |
epss |
| scoring_elements |
0.74854 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00827 |
| scoring_system |
epss |
| scoring_elements |
0.7487 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27803 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-27803
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5uqd-9srx-buhb |
|
| 6 |
| url |
VCID-64pb-r9pk-3bfk |
| vulnerability_id |
VCID-64pb-r9pk-3bfk |
| summary |
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-13377 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0058 |
| scoring_system |
epss |
| scoring_elements |
0.69263 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.0058 |
| scoring_system |
epss |
| scoring_elements |
0.69303 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.0058 |
| scoring_system |
epss |
| scoring_elements |
0.69312 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.0058 |
| scoring_system |
epss |
| scoring_elements |
0.69302 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.0058 |
| scoring_system |
epss |
| scoring_elements |
0.69287 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.0058 |
| scoring_system |
epss |
| scoring_elements |
0.69307 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-13377 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-13377
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-64pb-r9pk-3bfk |
|
| 7 |
| url |
VCID-6jb3-mw38-gqaf |
| vulnerability_id |
VCID-6jb3-mw38-gqaf |
| summary |
wpa_supplicant: EAP-pwd side-channel attacks as a result of cache access patterns |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-23304 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00094 |
| scoring_system |
epss |
| scoring_elements |
0.26135 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00094 |
| scoring_system |
epss |
| scoring_elements |
0.26239 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00094 |
| scoring_system |
epss |
| scoring_elements |
0.26232 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00094 |
| scoring_system |
epss |
| scoring_elements |
0.26186 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00094 |
| scoring_system |
epss |
| scoring_elements |
0.2613 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00094 |
| scoring_system |
epss |
| scoring_elements |
0.26136 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-23304 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-23304
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6jb3-mw38-gqaf |
|
| 8 |
|
| 9 |
| url |
VCID-7kes-xst7-z3d3 |
| vulnerability_id |
VCID-7kes-xst7-z3d3 |
| summary |
man-in-the-middle |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-13086 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64669 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64622 |
| published_at |
2026-06-04T12:55:00Z |
|
| 2 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64661 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64673 |
| published_at |
2026-06-06T12:55:00Z |
|
| 4 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64651 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64663 |
| published_at |
2026-06-05T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-13086 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
| 1 |
|
|
| aliases |
CVE-2017-13086
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7kes-xst7-z3d3 |
|
| 10 |
| url |
VCID-7q6k-mpk6-t7bv |
| vulnerability_id |
VCID-7q6k-mpk6-t7bv |
| summary |
man-in-the-middle |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-13082 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0043 |
| scoring_system |
epss |
| scoring_elements |
0.62899 |
| published_at |
2026-06-08T12:55:00Z |
|
| 1 |
| value |
0.0043 |
| scoring_system |
epss |
| scoring_elements |
0.62924 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.0043 |
| scoring_system |
epss |
| scoring_elements |
0.62872 |
| published_at |
2026-06-04T12:55:00Z |
|
| 3 |
| value |
0.0043 |
| scoring_system |
epss |
| scoring_elements |
0.62914 |
| published_at |
2026-06-09T12:55:00Z |
|
| 4 |
| value |
0.0043 |
| scoring_system |
epss |
| scoring_elements |
0.62913 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-13082 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
| 1 |
|
|
| aliases |
CVE-2017-13082
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7q6k-mpk6-t7bv |
|
| 11 |
| url |
VCID-7y9t-7akx-afg7 |
| vulnerability_id |
VCID-7y9t-7akx-afg7 |
| summary |
The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-4141 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01465 |
| scoring_system |
epss |
| scoring_elements |
0.81221 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01465 |
| scoring_system |
epss |
| scoring_elements |
0.81249 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.01465 |
| scoring_system |
epss |
| scoring_elements |
0.81251 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.01465 |
| scoring_system |
epss |
| scoring_elements |
0.81248 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.01465 |
| scoring_system |
epss |
| scoring_elements |
0.81244 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.01465 |
| scoring_system |
epss |
| scoring_elements |
0.81261 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-4141 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
|
| aliases |
CVE-2015-4141
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7y9t-7akx-afg7 |
|
| 12 |
| url |
VCID-84gv-j3vy-kbhp |
| vulnerability_id |
VCID-84gv-j3vy-kbhp |
| summary |
man-in-the-middle |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-13081 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0111 |
| scoring_system |
epss |
| scoring_elements |
0.78511 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.0111 |
| scoring_system |
epss |
| scoring_elements |
0.78482 |
| published_at |
2026-06-04T12:55:00Z |
|
| 2 |
| value |
0.0111 |
| scoring_system |
epss |
| scoring_elements |
0.78506 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.0111 |
| scoring_system |
epss |
| scoring_elements |
0.78517 |
| published_at |
2026-06-06T12:55:00Z |
|
| 4 |
| value |
0.0111 |
| scoring_system |
epss |
| scoring_elements |
0.78493 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.0111 |
| scoring_system |
epss |
| scoring_elements |
0.78508 |
| published_at |
2026-06-05T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-13081 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
| 1 |
|
|
| aliases |
CVE-2017-13081
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-84gv-j3vy-kbhp |
|
| 13 |
| url |
VCID-8d56-3k4a-c7hy |
| vulnerability_id |
VCID-8d56-3k4a-c7hy |
| summary |
The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5314 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0115 |
| scoring_system |
epss |
| scoring_elements |
0.78829 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.0115 |
| scoring_system |
epss |
| scoring_elements |
0.78855 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.0115 |
| scoring_system |
epss |
| scoring_elements |
0.78862 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.0115 |
| scoring_system |
epss |
| scoring_elements |
0.78853 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.0115 |
| scoring_system |
epss |
| scoring_elements |
0.78842 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.0115 |
| scoring_system |
epss |
| scoring_elements |
0.78859 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5314 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
|
| aliases |
CVE-2015-5314
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8d56-3k4a-c7hy |
|
| 14 |
| url |
VCID-awmy-cpam-xqah |
| vulnerability_id |
VCID-awmy-cpam-xqah |
| summary |
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-9495 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.06885 |
| scoring_system |
epss |
| scoring_elements |
0.91537 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.06885 |
| scoring_system |
epss |
| scoring_elements |
0.9155 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.06885 |
| scoring_system |
epss |
| scoring_elements |
0.91551 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.06885 |
| scoring_system |
epss |
| scoring_elements |
0.91549 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.06885 |
| scoring_system |
epss |
| scoring_elements |
0.91546 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.06885 |
| scoring_system |
epss |
| scoring_elements |
0.9156 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-9495 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
| 1 |
|
|
| aliases |
CVE-2019-9495
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-awmy-cpam-xqah |
|
| 15 |
| url |
VCID-b8k9-3pnn-ekgs |
| vulnerability_id |
VCID-b8k9-3pnn-ekgs |
| summary |
man-in-the-middle |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-13078 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74655 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74621 |
| published_at |
2026-06-04T12:55:00Z |
|
| 2 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74646 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74658 |
| published_at |
2026-06-06T12:55:00Z |
|
| 4 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74629 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74653 |
| published_at |
2026-06-05T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-13078 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
| 1 |
|
|
| aliases |
CVE-2017-13078
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b8k9-3pnn-ekgs |
|
| 16 |
| url |
VCID-bugv-6pzr-tuhy |
| vulnerability_id |
VCID-bugv-6pzr-tuhy |
| summary |
Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8041 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0158 |
| scoring_system |
epss |
| scoring_elements |
0.81912 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.0158 |
| scoring_system |
epss |
| scoring_elements |
0.81946 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.0158 |
| scoring_system |
epss |
| scoring_elements |
0.81947 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.0158 |
| scoring_system |
epss |
| scoring_elements |
0.81948 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.0158 |
| scoring_system |
epss |
| scoring_elements |
0.81941 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.0158 |
| scoring_system |
epss |
| scoring_elements |
0.81956 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8041 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
|
| aliases |
CVE-2015-8041
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bugv-6pzr-tuhy |
|
| 17 |
| url |
VCID-c1uc-msuh-bbgq |
| vulnerability_id |
VCID-c1uc-msuh-bbgq |
| summary |
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-4145 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01205 |
| scoring_system |
epss |
| scoring_elements |
0.79284 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01205 |
| scoring_system |
epss |
| scoring_elements |
0.7931 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.01205 |
| scoring_system |
epss |
| scoring_elements |
0.79315 |
| published_at |
2026-06-09T12:55:00Z |
|
| 3 |
| value |
0.01205 |
| scoring_system |
epss |
| scoring_elements |
0.79308 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.01205 |
| scoring_system |
epss |
| scoring_elements |
0.79297 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-4145 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
|
| aliases |
CVE-2015-4145
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c1uc-msuh-bbgq |
|
| 18 |
| url |
VCID-c6rb-kwrq-uubn |
| vulnerability_id |
VCID-c6rb-kwrq-uubn |
| summary |
arbitrary code execution |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-0326 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.1638 |
| scoring_system |
epss |
| scoring_elements |
0.94986 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.1638 |
| scoring_system |
epss |
| scoring_elements |
0.95002 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.1638 |
| scoring_system |
epss |
| scoring_elements |
0.94998 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.1638 |
| scoring_system |
epss |
| scoring_elements |
0.94997 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.1638 |
| scoring_system |
epss |
| scoring_elements |
0.94994 |
| published_at |
2026-06-05T12:55:00Z |
|
| 5 |
| value |
0.1638 |
| scoring_system |
epss |
| scoring_elements |
0.94995 |
| published_at |
2026-06-06T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-0326 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-0326
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c6rb-kwrq-uubn |
|
| 19 |
| url |
VCID-cmpu-sjnc-qyc9 |
| vulnerability_id |
VCID-cmpu-sjnc-qyc9 |
| summary |
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10064 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01405 |
| scoring_system |
epss |
| scoring_elements |
0.80797 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01405 |
| scoring_system |
epss |
| scoring_elements |
0.80825 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.01405 |
| scoring_system |
epss |
| scoring_elements |
0.80826 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.01405 |
| scoring_system |
epss |
| scoring_elements |
0.80824 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.01405 |
| scoring_system |
epss |
| scoring_elements |
0.8082 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.01405 |
| scoring_system |
epss |
| scoring_elements |
0.80839 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10064 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-10064
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cmpu-sjnc-qyc9 |
|
| 20 |
| url |
VCID-d17v-v7yt-5kb3 |
| vulnerability_id |
VCID-d17v-v7yt-5kb3 |
| summary |
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-9498 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00794 |
| scoring_system |
epss |
| scoring_elements |
0.74298 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00794 |
| scoring_system |
epss |
| scoring_elements |
0.74331 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.00794 |
| scoring_system |
epss |
| scoring_elements |
0.74304 |
| published_at |
2026-06-08T12:55:00Z |
|
| 3 |
| value |
0.00794 |
| scoring_system |
epss |
| scoring_elements |
0.74336 |
| published_at |
2026-06-06T12:55:00Z |
|
| 4 |
| value |
0.00794 |
| scoring_system |
epss |
| scoring_elements |
0.74322 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-9498 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
| 1 |
|
|
| aliases |
CVE-2019-9498
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
6.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d17v-v7yt-5kb3 |
|
| 21 |
| url |
VCID-dc5z-thyu-sqhb |
| vulnerability_id |
VCID-dc5z-thyu-sqhb |
| summary |
The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-11555 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.09377 |
| scoring_system |
epss |
| scoring_elements |
0.92932 |
| published_at |
2026-06-08T12:55:00Z |
|
| 1 |
| value |
0.09377 |
| scoring_system |
epss |
| scoring_elements |
0.92942 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.09377 |
| scoring_system |
epss |
| scoring_elements |
0.92939 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.09377 |
| scoring_system |
epss |
| scoring_elements |
0.92934 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-11555 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
| 1 |
|
|
| aliases |
CVE-2019-11555
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dc5z-thyu-sqhb |
|
| 22 |
| url |
VCID-dvkq-285n-9kaw |
| vulnerability_id |
VCID-dvkq-285n-9kaw |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-4477 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00132 |
| scoring_system |
epss |
| scoring_elements |
0.32296 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00132 |
| scoring_system |
epss |
| scoring_elements |
0.32341 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.00132 |
| scoring_system |
epss |
| scoring_elements |
0.32303 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.00132 |
| scoring_system |
epss |
| scoring_elements |
0.32273 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.00132 |
| scoring_system |
epss |
| scoring_elements |
0.32299 |
| published_at |
2026-06-04T12:55:00Z |
|
| 5 |
| value |
0.00132 |
| scoring_system |
epss |
| scoring_elements |
0.32372 |
| published_at |
2026-06-05T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-4477 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
|
| aliases |
CVE-2016-4477
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dvkq-285n-9kaw |
|
| 23 |
| url |
VCID-edpz-qhd8-jfez |
| vulnerability_id |
VCID-edpz-qhd8-jfez |
| summary |
The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5315 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0115 |
| scoring_system |
epss |
| scoring_elements |
0.78829 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.0115 |
| scoring_system |
epss |
| scoring_elements |
0.78855 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.0115 |
| scoring_system |
epss |
| scoring_elements |
0.78862 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.0115 |
| scoring_system |
epss |
| scoring_elements |
0.78853 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.0115 |
| scoring_system |
epss |
| scoring_elements |
0.78842 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.0115 |
| scoring_system |
epss |
| scoring_elements |
0.78859 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5315 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
|
| aliases |
CVE-2015-5315
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-edpz-qhd8-jfez |
|
| 24 |
| url |
VCID-fwsj-n5rh-53h1 |
| vulnerability_id |
VCID-fwsj-n5rh-53h1 |
| summary |
Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-4142 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.07071 |
| scoring_system |
epss |
| scoring_elements |
0.91661 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.07071 |
| scoring_system |
epss |
| scoring_elements |
0.91673 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.07071 |
| scoring_system |
epss |
| scoring_elements |
0.91675 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.07071 |
| scoring_system |
epss |
| scoring_elements |
0.91672 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.07071 |
| scoring_system |
epss |
| scoring_elements |
0.91671 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.07071 |
| scoring_system |
epss |
| scoring_elements |
0.91685 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-4142 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
|
| aliases |
CVE-2015-4142
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fwsj-n5rh-53h1 |
|
| 25 |
| url |
VCID-hxn4-6y6j-83cz |
| vulnerability_id |
VCID-hxn4-6y6j-83cz |
| summary |
The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5310 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00304 |
| scoring_system |
epss |
| scoring_elements |
0.53929 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00304 |
| scoring_system |
epss |
| scoring_elements |
0.53987 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00304 |
| scoring_system |
epss |
| scoring_elements |
0.53994 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00304 |
| scoring_system |
epss |
| scoring_elements |
0.53983 |
| published_at |
2026-06-09T12:55:00Z |
|
| 4 |
| value |
0.00304 |
| scoring_system |
epss |
| scoring_elements |
0.5396 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5310 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
|
| aliases |
CVE-2015-5310
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hxn4-6y6j-83cz |
|
| 26 |
| url |
VCID-kj7b-sur9-hfhb |
| vulnerability_id |
VCID-kj7b-sur9-hfhb |
| summary |
An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-5061 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52699 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52758 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52764 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52746 |
| published_at |
2026-06-09T12:55:00Z |
|
| 4 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.5272 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-5061 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-5061
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kj7b-sur9-hfhb |
|
| 27 |
| url |
VCID-kyvg-q58s-cfff |
| vulnerability_id |
VCID-kyvg-q58s-cfff |
| summary |
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-4144 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01205 |
| scoring_system |
epss |
| scoring_elements |
0.79284 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01205 |
| scoring_system |
epss |
| scoring_elements |
0.7931 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.01205 |
| scoring_system |
epss |
| scoring_elements |
0.79315 |
| published_at |
2026-06-09T12:55:00Z |
|
| 3 |
| value |
0.01205 |
| scoring_system |
epss |
| scoring_elements |
0.79308 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.01205 |
| scoring_system |
epss |
| scoring_elements |
0.79297 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-4144 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
|
| aliases |
CVE-2015-4144
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kyvg-q58s-cfff |
|
| 28 |
| url |
VCID-m6c2-crap-b3b7 |
| vulnerability_id |
VCID-m6c2-crap-b3b7 |
| summary |
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-9499 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00794 |
| scoring_system |
epss |
| scoring_elements |
0.74298 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00794 |
| scoring_system |
epss |
| scoring_elements |
0.74331 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.00794 |
| scoring_system |
epss |
| scoring_elements |
0.74304 |
| published_at |
2026-06-08T12:55:00Z |
|
| 3 |
| value |
0.00794 |
| scoring_system |
epss |
| scoring_elements |
0.74336 |
| published_at |
2026-06-06T12:55:00Z |
|
| 4 |
| value |
0.00794 |
| scoring_system |
epss |
| scoring_elements |
0.74322 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-9499 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
| 1 |
|
|
| aliases |
CVE-2019-9499
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
6.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m6c2-crap-b3b7 |
|
| 29 |
| url |
VCID-mwc1-rpqz-uqcj |
| vulnerability_id |
VCID-mwc1-rpqz-uqcj |
| summary |
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-4143 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01205 |
| scoring_system |
epss |
| scoring_elements |
0.79284 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01205 |
| scoring_system |
epss |
| scoring_elements |
0.7931 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.01205 |
| scoring_system |
epss |
| scoring_elements |
0.79315 |
| published_at |
2026-06-09T12:55:00Z |
|
| 3 |
| value |
0.01205 |
| scoring_system |
epss |
| scoring_elements |
0.79308 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.01205 |
| scoring_system |
epss |
| scoring_elements |
0.79297 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-4143 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
|
| aliases |
CVE-2015-4143
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mwc1-rpqz-uqcj |
|
| 30 |
| url |
VCID-n7rh-f4mj-jbdq |
| vulnerability_id |
VCID-n7rh-f4mj-jbdq |
| summary |
man-in-the-middle |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-13080 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00948 |
| scoring_system |
epss |
| scoring_elements |
0.76718 |
| published_at |
2026-06-08T12:55:00Z |
|
| 1 |
| value |
0.00948 |
| scoring_system |
epss |
| scoring_elements |
0.7674 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.00948 |
| scoring_system |
epss |
| scoring_elements |
0.76704 |
| published_at |
2026-06-04T12:55:00Z |
|
| 3 |
| value |
0.00948 |
| scoring_system |
epss |
| scoring_elements |
0.76734 |
| published_at |
2026-06-05T12:55:00Z |
|
| 4 |
| value |
0.00948 |
| scoring_system |
epss |
| scoring_elements |
0.76729 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-13080 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
| 1 |
|
|
| aliases |
CVE-2017-13080
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n7rh-f4mj-jbdq |
|
| 31 |
| url |
VCID-p4b2-1g26-nkd2 |
| vulnerability_id |
VCID-p4b2-1g26-nkd2 |
| summary |
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-16275 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00626 |
| scoring_system |
epss |
| scoring_elements |
0.70594 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00626 |
| scoring_system |
epss |
| scoring_elements |
0.70636 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00626 |
| scoring_system |
epss |
| scoring_elements |
0.70645 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00626 |
| scoring_system |
epss |
| scoring_elements |
0.70628 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00626 |
| scoring_system |
epss |
| scoring_elements |
0.70616 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00626 |
| scoring_system |
epss |
| scoring_elements |
0.70638 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-16275 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-16275
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p4b2-1g26-nkd2 |
|
| 32 |
| url |
VCID-p6m7-m2w8-uybh |
| vulnerability_id |
VCID-p6m7-m2w8-uybh |
| summary |
man-in-the-middle |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-13077 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00661 |
| scoring_system |
epss |
| scoring_elements |
0.71554 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00661 |
| scoring_system |
epss |
| scoring_elements |
0.71521 |
| published_at |
2026-06-04T12:55:00Z |
|
| 2 |
| value |
0.00661 |
| scoring_system |
epss |
| scoring_elements |
0.71547 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.00661 |
| scoring_system |
epss |
| scoring_elements |
0.71571 |
| published_at |
2026-06-06T12:55:00Z |
|
| 4 |
| value |
0.00661 |
| scoring_system |
epss |
| scoring_elements |
0.71532 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00661 |
| scoring_system |
epss |
| scoring_elements |
0.71565 |
| published_at |
2026-06-05T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-13077 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
| 1 |
|
|
| aliases |
CVE-2017-13077
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p6m7-m2w8-uybh |
|
| 33 |
| url |
VCID-qv3p-mcnx-gfh9 |
| vulnerability_id |
VCID-qv3p-mcnx-gfh9 |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-4476 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00668 |
| scoring_system |
epss |
| scoring_elements |
0.71714 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00668 |
| scoring_system |
epss |
| scoring_elements |
0.7173 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.00668 |
| scoring_system |
epss |
| scoring_elements |
0.71707 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.00668 |
| scoring_system |
epss |
| scoring_elements |
0.71692 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.00668 |
| scoring_system |
epss |
| scoring_elements |
0.71683 |
| published_at |
2026-06-04T12:55:00Z |
|
| 5 |
| value |
0.00668 |
| scoring_system |
epss |
| scoring_elements |
0.71724 |
| published_at |
2026-06-05T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-4476 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
|
| aliases |
CVE-2016-4476
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qv3p-mcnx-gfh9 |
|
| 34 |
| url |
VCID-s7gm-17ms-53fd |
| vulnerability_id |
VCID-s7gm-17ms-53fd |
| summary |
The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-4146 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01312 |
| scoring_system |
epss |
| scoring_elements |
0.80156 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01312 |
| scoring_system |
epss |
| scoring_elements |
0.80182 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.01312 |
| scoring_system |
epss |
| scoring_elements |
0.80186 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.01312 |
| scoring_system |
epss |
| scoring_elements |
0.80181 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.01312 |
| scoring_system |
epss |
| scoring_elements |
0.80173 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.01312 |
| scoring_system |
epss |
| scoring_elements |
0.80194 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-4146 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
|
| aliases |
CVE-2015-4146
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s7gm-17ms-53fd |
|
| 35 |
| url |
VCID-s91q-7xur-gudp |
| vulnerability_id |
VCID-s91q-7xur-gudp |
| summary |
man-in-the-middle |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-13087 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.64321 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.6427 |
| published_at |
2026-06-04T12:55:00Z |
|
| 2 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.64312 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.64323 |
| published_at |
2026-06-06T12:55:00Z |
|
| 4 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.64301 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.64314 |
| published_at |
2026-06-05T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-13087 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
| 1 |
|
|
| aliases |
CVE-2017-13087
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s91q-7xur-gudp |
|
| 36 |
| url |
VCID-sz7g-jw53-yyf1 |
| vulnerability_id |
VCID-sz7g-jw53-yyf1 |
| summary |
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-9497 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.11468 |
| scoring_system |
epss |
| scoring_elements |
0.93741 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.11468 |
| scoring_system |
epss |
| scoring_elements |
0.9375 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.11468 |
| scoring_system |
epss |
| scoring_elements |
0.93755 |
| published_at |
2026-06-09T12:55:00Z |
|
| 3 |
| value |
0.11468 |
| scoring_system |
epss |
| scoring_elements |
0.93749 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.11468 |
| scoring_system |
epss |
| scoring_elements |
0.93748 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-9497 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
| 1 |
|
|
| aliases |
CVE-2019-9497
|
| risk_score |
1.9 |
| exploitability |
0.5 |
| weighted_severity |
3.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sz7g-jw53-yyf1 |
|
| 37 |
| url |
VCID-up8e-3hxu-73ah |
| vulnerability_id |
VCID-up8e-3hxu-73ah |
| summary |
wpa_supplicant: wpa_supplicant loading arbitrary shared objects allowing privilege escalation |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-5290 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.54156 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.54159 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.54167 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.54157 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.54134 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-5290 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-5290
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
7.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-up8e-3hxu-73ah |
|
| 38 |
| url |
VCID-uyg6-fyc7-fqf5 |
| vulnerability_id |
VCID-uyg6-fyc7-fqf5 |
| summary |
Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-1863 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.08546 |
| scoring_system |
epss |
| scoring_elements |
0.92547 |
| published_at |
2026-06-06T12:55:00Z |
|
| 1 |
| value |
0.08546 |
| scoring_system |
epss |
| scoring_elements |
0.9256 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.08546 |
| scoring_system |
epss |
| scoring_elements |
0.92551 |
| published_at |
2026-06-05T12:55:00Z |
|
| 3 |
| value |
0.08546 |
| scoring_system |
epss |
| scoring_elements |
0.92538 |
| published_at |
2026-06-04T12:55:00Z |
|
| 4 |
| value |
0.08546 |
| scoring_system |
epss |
| scoring_elements |
0.92542 |
| published_at |
2026-06-07T12:55:00Z |
|
| 5 |
| value |
0.08546 |
| scoring_system |
epss |
| scoring_elements |
0.92541 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-1863 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
|
| aliases |
CVE-2015-1863
|
| risk_score |
0.8 |
| exploitability |
0.5 |
| weighted_severity |
1.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uyg6-fyc7-fqf5 |
|
| 39 |
| url |
VCID-vgs9-juev-53d2 |
| vulnerability_id |
VCID-vgs9-juev-53d2 |
| summary |
man-in-the-middle |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-13088 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.64321 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.6427 |
| published_at |
2026-06-04T12:55:00Z |
|
| 2 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.64312 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.64323 |
| published_at |
2026-06-06T12:55:00Z |
|
| 4 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.64301 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.64314 |
| published_at |
2026-06-05T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-13088 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
| 1 |
|
|
| aliases |
CVE-2017-13088
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vgs9-juev-53d2 |
|
| 40 |
| url |
VCID-w1t7-99j6-ducn |
| vulnerability_id |
VCID-w1t7-99j6-ducn |
| summary |
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-9494 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01518 |
| scoring_system |
epss |
| scoring_elements |
0.81562 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01518 |
| scoring_system |
epss |
| scoring_elements |
0.81591 |
| published_at |
2026-06-07T12:55:00Z |
|
| 2 |
| value |
0.01518 |
| scoring_system |
epss |
| scoring_elements |
0.816 |
| published_at |
2026-06-09T12:55:00Z |
|
| 3 |
| value |
0.01518 |
| scoring_system |
epss |
| scoring_elements |
0.81593 |
| published_at |
2026-06-06T12:55:00Z |
|
| 4 |
| value |
0.01518 |
| scoring_system |
epss |
| scoring_elements |
0.81584 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-9494 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-9494
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w1t7-99j6-ducn |
|
| 41 |
| url |
VCID-w27s-tf26-t7fb |
| vulnerability_id |
VCID-w27s-tf26-t7fb |
| summary |
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-12695 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03982 |
| scoring_system |
epss |
| scoring_elements |
0.88612 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.03982 |
| scoring_system |
epss |
| scoring_elements |
0.8863 |
| published_at |
2026-06-07T12:55:00Z |
|
| 2 |
| value |
0.03982 |
| scoring_system |
epss |
| scoring_elements |
0.88646 |
| published_at |
2026-06-09T12:55:00Z |
|
| 3 |
| value |
0.03982 |
| scoring_system |
epss |
| scoring_elements |
0.88631 |
| published_at |
2026-06-06T12:55:00Z |
|
| 4 |
| value |
0.03982 |
| scoring_system |
epss |
| scoring_elements |
0.88629 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-12695 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-12695
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w27s-tf26-t7fb |
|
| 42 |
| url |
VCID-yj2a-e823-nyfw |
| vulnerability_id |
VCID-yj2a-e823-nyfw |
| summary |
man-in-the-middle |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-13079 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01012 |
| scoring_system |
epss |
| scoring_elements |
0.77507 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.01012 |
| scoring_system |
epss |
| scoring_elements |
0.77506 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.01012 |
| scoring_system |
epss |
| scoring_elements |
0.77469 |
| published_at |
2026-06-04T12:55:00Z |
|
| 3 |
| value |
0.01012 |
| scoring_system |
epss |
| scoring_elements |
0.77497 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.01012 |
| scoring_system |
epss |
| scoring_elements |
0.77486 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-13079 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| purl |
pkg:deb/debian/wpa@2:2.4-1%2Bdeb9u6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ba4-zp3t-j7b7 |
|
| 1 |
| vulnerability |
VCID-1eva-m1zn-dbbs |
|
| 2 |
| vulnerability |
VCID-2pae-t1zg-d7dy |
|
| 3 |
| vulnerability |
VCID-57qp-9n3e-g7g7 |
|
| 4 |
| vulnerability |
VCID-5uqd-9srx-buhb |
|
| 5 |
| vulnerability |
VCID-64pb-r9pk-3bfk |
|
| 6 |
| vulnerability |
VCID-6jb3-mw38-gqaf |
|
| 7 |
| vulnerability |
VCID-7fuh-9z2r-ekee |
|
| 8 |
| vulnerability |
VCID-7kes-xst7-z3d3 |
|
| 9 |
| vulnerability |
VCID-7q6k-mpk6-t7bv |
|
| 10 |
| vulnerability |
VCID-84gv-j3vy-kbhp |
|
| 11 |
| vulnerability |
VCID-awmy-cpam-xqah |
|
| 12 |
| vulnerability |
VCID-b8k9-3pnn-ekgs |
|
| 13 |
| vulnerability |
VCID-c6rb-kwrq-uubn |
|
| 14 |
| vulnerability |
VCID-cmpu-sjnc-qyc9 |
|
| 15 |
| vulnerability |
VCID-d17v-v7yt-5kb3 |
|
| 16 |
| vulnerability |
VCID-dc5z-thyu-sqhb |
|
| 17 |
| vulnerability |
VCID-kj7b-sur9-hfhb |
|
| 18 |
| vulnerability |
VCID-m6c2-crap-b3b7 |
|
| 19 |
| vulnerability |
VCID-n7rh-f4mj-jbdq |
|
| 20 |
| vulnerability |
VCID-p4b2-1g26-nkd2 |
|
| 21 |
| vulnerability |
VCID-p6m7-m2w8-uybh |
|
| 22 |
| vulnerability |
VCID-s91q-7xur-gudp |
|
| 23 |
| vulnerability |
VCID-sz7g-jw53-yyf1 |
|
| 24 |
| vulnerability |
VCID-up8e-3hxu-73ah |
|
| 25 |
| vulnerability |
VCID-vgs9-juev-53d2 |
|
| 26 |
| vulnerability |
VCID-w1t7-99j6-ducn |
|
| 27 |
| vulnerability |
VCID-w27s-tf26-t7fb |
|
| 28 |
| vulnerability |
VCID-yj2a-e823-nyfw |
|
| 29 |
| vulnerability |
VCID-yv7z-2x73-xygy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/wpa@2:2.4-1%252Bdeb9u6 |
|
| 1 |
|
|
| aliases |
CVE-2017-13079
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yj2a-e823-nyfw |
|
| 43 |
| url |
VCID-yv7z-2x73-xygy |
| vulnerability_id |
VCID-yv7z-2x73-xygy |
| summary |
hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10743 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0043 |
| scoring_system |
epss |
| scoring_elements |
0.62879 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.0043 |
| scoring_system |
epss |
| scoring_elements |
0.62921 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.0043 |
| scoring_system |
epss |
| scoring_elements |
0.6293 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.0043 |
| scoring_system |
epss |
| scoring_elements |
0.6292 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.0043 |
| scoring_system |
epss |
| scoring_elements |
0.62906 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.0043 |
| scoring_system |
epss |
| scoring_elements |
0.62922 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10743 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-10743
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yv7z-2x73-xygy |
|