FreeBSD 11.2 Patch 4
Approved changes feed: RSS · Atom
cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*
part: o version: 11.2 update: p4
| Vendor | Freebsd (1e86ea60-a74f-5f45-ac35-3eb819c9e064) |
|---|---|
| Product | Freebsd (be9b20ed-2a20-5a94-a224-b1a6fdcacb17) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/freebsd/freebsd-src |
purl2cpe | 2026-06-01 10:12:45.165184 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2019-9499 |
vulnerable | 2026-06-08 05:14:25.383256 |
The implementations of EAP-PWD in wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
Published: 2019-04-17T13:31:08.000Z
Updated: 2024-08-04T21:54:44.100Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-9498 |
vulnerable | 2026-06-08 05:14:25.381539 |
The implementations of EAP-PWD in hostapd EAP Server do not validate the scalar and element values in EAP-pwd-Commit
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
Published: 2019-04-17T13:31:08.000Z
Updated: 2024-08-04T21:54:44.081Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-9495 |
vulnerable | 2026-06-08 05:14:25.370676 |
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
Published: 2019-04-17T13:31:08.000Z
Updated: 2024-08-04T21:54:44.180Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-9494 |
vulnerable | 2026-06-08 05:14:25.362122 |
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side-channel attacks
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.
Published: 2019-04-17T13:31:08.000Z
Updated: 2024-08-04T21:54:44.172Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5612 |
vulnerable | 2026-06-08 05:14:07.842588 |
Details available
In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the handler to copy out kernel memory outside the boundaries of midistat's data buffer.
Published: 2019-08-29T22:31:46.000Z
Updated: 2024-08-04T20:01:51.526Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5611 |
vulnerable | 2026-06-08 05:14:07.840839 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5610 |
vulnerable | 2026-06-08 05:14:07.836333 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5609 |
vulnerable | 2026-06-08 05:14:07.834846 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5608 |
vulnerable | 2026-06-08 05:14:07.827594 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5605 |
vulnerable | 2026-06-08 05:14:07.818746 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5604 |
vulnerable | 2026-06-08 05:14:07.817576 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5603 |
vulnerable | 2026-06-08 05:14:07.810977 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5602 |
vulnerable | 2026-06-08 05:14:07.803801 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5601 |
vulnerable | 2026-06-08 05:14:07.802720 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5600 |
vulnerable | 2026-06-08 05:14:07.798576 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5598 |
vulnerable | 2026-06-08 05:14:07.791789 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5597 |
vulnerable | 2026-06-08 05:14:07.787536 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-12900 |
vulnerable | 2026-06-08 05:12:40.617931 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-6925 |
vulnerable | 2026-06-08 05:11:54.466425 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-17161 |
vulnerable | 2026-06-08 05:11:06.052915 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-17157 |
vulnerable | 2026-06-08 05:11:06.047534 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-17155 |
vulnerable | 2026-06-08 05:11:06.044917 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-17154 |
vulnerable | 2026-06-08 05:11:06.039413 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.