Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 57 results


CVE-2024-5290

Medium priority

Some fixes available 6 of 7

An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually...

1 affected packages

wpa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2023-52424

Medium priority
Vulnerable

The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop. Enterprise 802.1X/EAP, Mesh AMPE, or FILS, aka an "SSID Confusion"...

1 affected packages

wpa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2023-52160

Medium priority
Vulnerable

The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an...

1 affected packages

wpa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2022-23304

Low priority
Vulnerable

The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.

1 affected packages

wpa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa Not affected Not affected Vulnerable Needs evaluation Needs evaluation
Show less packages

CVE-2022-23303

Low priority
Vulnerable

The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.

1 affected packages

wpa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa Not affected Not affected Vulnerable Needs evaluation Needs evaluation
Show less packages

CVE-2021-30004

Medium priority
Not affected

In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.

1 affected packages

wpa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa Not affected Not affected Not affected
Show less packages

CVE-2021-27803

Medium priority
Fixed

A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary...

1 affected packages

wpa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa Fixed Fixed Fixed
Show less packages

CVE-2021-0326

High priority
Fixed

In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no...

1 affected packages

wpa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa Fixed Fixed Fixed
Show less packages

CVE-2020-12695

Medium priority

Some fixes available 18 of 31

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka...

5 affected packages

gupnp, libupnp, minidlna, pupnp-1.8, wpa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gupnp Not affected Not affected Fixed Vulnerable Vulnerable
libupnp Not in release Not in release Not in release Vulnerable Vulnerable
minidlna Not affected Not affected Fixed Fixed Fixed
pupnp-1.8 Not in release Vulnerable Vulnerable Vulnerable Not in release
wpa Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2019-10064

Low priority
Vulnerable

hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in...

1 affected packages

wpa

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa Not affected Not affected Not affected Not affected Vulnerable
Show less packages