[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-9495":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":90,"aliases":91,"duplicate_of":9,"upstream":92,"downstream":93,"duplicates":122,"related":123,"reserved_at":9,"published_at":132,"modified_at":133,"state":134,"summary":135,"references_raw":144,"kevs":198,"epss":199,"epss_history":202,"metrics":464,"affected":475},"CVE-2019-9495","The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.",null,[11,23],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-203","Observable Discrepancy","The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.","weakness","Incomplete","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-189","Black Box Reverse Engineering",[],{"_key":24,"id":24,"name":25,"description":26,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":27},"CWE-524","Use of Cache Containing Sensitive Information","The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.",[28],{"id":29,"name":30,"techniques":31},"CAPEC-204","Lifting Sensitive Data Embedded in Cache",[32],{"id":33,"name":34,"tactics":35,"countermeasures":39},"T1005","Data from Local System",[36],{"id":37,"name":38},"TA0100","Collection",[40,45,49,54,59,64,69,74,78,82,86],{"id":41,"name":42,"tactic":43},"D3-FA","File Analysis",{"name":44},"Detect",{"id":46,"name":47,"tactic":48},"D3-FIM","File Integrity Monitoring",{"name":44},{"id":50,"name":51,"tactic":52},"D3-FEV","File Eviction",{"name":53},"Evict",{"id":55,"name":56,"tactic":57},"D3-DF","Decoy File",{"name":58},"Deceive",{"id":60,"name":61,"tactic":62},"D3-FE","File Encryption",{"name":63},"Harden",{"id":65,"name":66,"tactic":67},"D3-RF","Restore File",{"name":68},"Restore",{"id":70,"name":71,"tactic":72},"D3-CF","Content Filtering",{"name":73},"Isolate",{"id":75,"name":76,"tactic":77},"D3-LFP","Local File Permissions",{"name":73},{"id":79,"name":80,"tactic":81},"D3-RFAM","Remote File Access Mediation",{"name":73},{"id":83,"name":84,"tactic":85},"D3-CQ","Content Quarantine",{"name":73},{"id":87,"name":88,"tactic":89},"D3-CM","Content Modification",{"name":73},[],[],[],[94,96,98,100,102,104,106,108,110,112,114,116,118,120],{"_key":95},"ALPINE-CVE-2019-9495",{"_key":97},"SUSE-SU-2020:3380-1",{"_key":99},"SUSE-SU-2020:3424-1",{"_key":101},"SUSE-SU-2022:1853-1",{"_key":103},"UBUNTU-CVE-2019-9495",{"_key":105},"USN-3944-1",{"_key":107},"OPENSUSE-SU-2020:0222-1",{"_key":109},"OPENSUSE-SU-2020:2053-1",{"_key":111},"OPENSUSE-SU-2020:2059-1",{"_key":113},"OPENSUSE-SU-2024:10846-1",{"_key":115},"OPENSUSE-SU-2024:11515-1",{"_key":117},"DLA-1867-1",{"_key":119},"DSA-4430-1",{"_key":121},"DEBIAN-CVE-2019-9495",[],[124,125,126,127,128,129,130,131],{"_key":97},{"_key":99},{"_key":101},{"_key":107},{"_key":109},{"_key":111},{"_key":113},{"_key":115},"2019-04-17T13:31:08.000Z","2024-08-04T21:54:44.180Z","Modified",{"cisa_kev":136,"cisa_ransomware":136,"cisa_vendor":9,"epss_severity":137,"epss_score":138,"severity":139,"severity_score":140,"severity_version":141,"severity_source":142,"severity_vector":143,"severity_status":134},false,"low",0.06885,"medium",4.3,"v2.0","nvd","AV:N/AC:M/Au:N/C:P/I:N/A:N",[145,153,158,163,167,171,176,182,188,193],{"url":146,"sources":147,"tags":149},"https://w1.fi/security/2019-2/",[148,142],"cve.org",[150,151,152],"X Refsource CONFIRM","Patch","Vendor Advisory",{"url":154,"sources":155,"tags":156},"https://www.synology.com/security/advisory/Synology_SA_19_16",[148,142],[150,157],"Third Party Advisory",{"url":159,"sources":160,"tags":161},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/",[148,142],[152,162],"X Refsource FEDORA",{"url":164,"sources":165,"tags":166},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/",[148,142],[152,162],{"url":168,"sources":169,"tags":170},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/",[148,142],[152,162],{"url":172,"sources":173,"tags":174},"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc",[148,142],[152,175,157],"X Refsource FREEBSD",{"url":177,"sources":178,"tags":179},"https://seclists.org/bugtraq/2019/May/40",[148,142],[180,181,157],"Mailing List","X Refsource BUGTRAQ",{"url":183,"sources":184,"tags":185},"http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html",[148,142],[186,157,187],"X Refsource MISC","VDB Entry",{"url":189,"sources":190,"tags":191},"https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html",[148,142],[180,192,157],"X Refsource MLIST",{"url":194,"sources":195,"tags":196},"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html",[148,142],[152,197,180,157],"X Refsource SUSE",[],{"date":200,"score":138,"percentile":201},"2026-06-03",0.91537,[203,207,210,213,216,219,222,224,227,230,233,236,239,242,245,249,252,255,258,260,263,266,269,272,274,277,280,282,285,288,291,294,297,300,303,305,307,310,313,316,319,322,324,326,329,332,335,337,340,342,345,347,350,353,357,360,362,365,368,371,374,377,379,382,385,389,392,395,398,401,404,407,409,411,414,417,421,424,428,431,434,437,440,443,446,448,451,454,457,461],{"date":204,"score":205,"percentile":206},"2025-11-04",0.06034,0.90285,{"date":208,"score":205,"percentile":209},"2025-11-05",0.90283,{"date":211,"score":205,"percentile":212},"2025-11-06",0.90282,{"date":214,"score":205,"percentile":215},"2025-11-07",0.90287,{"date":217,"score":205,"percentile":218},"2025-11-08",0.9029,{"date":220,"score":205,"percentile":221},"2025-11-09",0.90288,{"date":223,"score":205,"percentile":221},"2025-11-10",{"date":225,"score":205,"percentile":226},"2025-11-11",0.90286,{"date":228,"score":205,"percentile":229},"2025-11-12",0.90293,{"date":231,"score":205,"percentile":232},"2025-11-13",0.90297,{"date":234,"score":205,"percentile":235},"2025-11-14",0.903,{"date":237,"score":205,"percentile":238},"2025-11-15",0.90296,{"date":240,"score":205,"percentile":241},"2025-11-16",0.90301,{"date":243,"score":205,"percentile":244},"2025-11-17",0.90298,{"date":246,"score":247,"percentile":248},"2025-11-18",0.06437,0.90116,{"date":250,"score":247,"percentile":251},"2025-11-19",0.9012,{"date":253,"score":247,"percentile":254},"2025-11-20",0.90123,{"date":256,"score":205,"percentile":257},"2025-11-21",0.90311,{"date":259,"score":205,"percentile":257},"2025-11-22",{"date":261,"score":205,"percentile":262},"2025-11-23",0.90312,{"date":264,"score":205,"percentile":265},"2025-11-24",0.90314,{"date":267,"score":205,"percentile":268},"2025-11-25",0.90316,{"date":270,"score":205,"percentile":271},"2025-11-26",0.90315,{"date":273,"score":205,"percentile":265},"2025-11-27",{"date":275,"score":205,"percentile":276},"2025-11-28",0.90305,{"date":278,"score":205,"percentile":279},"2025-11-29",0.90341,{"date":281,"score":205,"percentile":279},"2025-11-30",{"date":283,"score":205,"percentile":284},"2025-12-01",0.90401,{"date":286,"score":205,"percentile":287},"2025-12-02",0.90402,{"date":289,"score":205,"percentile":290},"2025-12-03",0.90403,{"date":292,"score":205,"percentile":293},"2025-12-04",0.90344,{"date":295,"score":205,"percentile":296},"2025-12-05",0.9035,{"date":298,"score":205,"percentile":299},"2025-12-06",0.90351,{"date":301,"score":205,"percentile":302},"2025-12-07",0.90347,{"date":304,"score":205,"percentile":302},"2025-12-08",{"date":306,"score":205,"percentile":299},"2025-12-09",{"date":308,"score":205,"percentile":309},"2025-12-10",0.9036,{"date":311,"score":205,"percentile":312},"2025-12-11",0.90363,{"date":314,"score":205,"percentile":315},"2025-12-12",0.90368,{"date":317,"score":205,"percentile":318},"2025-12-13",0.90369,{"date":320,"score":205,"percentile":321},"2025-12-14",0.90367,{"date":323,"score":205,"percentile":318},"2025-12-15",{"date":325,"score":205,"percentile":312},"2025-12-16",{"date":327,"score":205,"percentile":328},"2025-12-17",0.90372,{"date":330,"score":205,"percentile":331},"2025-12-18",0.90378,{"date":333,"score":205,"percentile":334},"2025-12-19",0.90379,{"date":336,"score":205,"percentile":331},"2025-12-20",{"date":338,"score":205,"percentile":339},"2025-12-21",0.90389,{"date":341,"score":205,"percentile":339},"2025-12-22",{"date":343,"score":205,"percentile":344},"2025-12-23",0.9039,{"date":346,"score":205,"percentile":287},"2025-12-24",{"date":348,"score":205,"percentile":349},"2025-12-25",0.90413,{"date":351,"score":205,"percentile":352},"2025-12-26",0.90411,{"date":354,"score":355,"percentile":356},"2025-12-27",0.03249,0.86781,{"date":358,"score":205,"percentile":359},"2025-12-28",0.90406,{"date":361,"score":205,"percentile":287},"2025-12-29",{"date":363,"score":205,"percentile":364},"2025-12-30",0.90408,{"date":366,"score":205,"percentile":367},"2025-12-31",0.90419,{"date":369,"score":205,"percentile":370},"2026-01-01",0.90483,{"date":372,"score":205,"percentile":373},"2026-01-02",0.90478,{"date":375,"score":205,"percentile":376},"2026-01-03",0.90477,{"date":378,"score":205,"percentile":367},"2026-01-04",{"date":380,"score":205,"percentile":381},"2026-01-05",0.90415,{"date":383,"score":205,"percentile":384},"2026-01-06",0.90418,{"date":386,"score":387,"percentile":388},"2026-01-07",0.04536,0.88809,{"date":390,"score":387,"percentile":391},"2026-01-08",0.88816,{"date":393,"score":387,"percentile":394},"2026-01-09",0.88822,{"date":396,"score":387,"percentile":397},"2026-01-10",0.88823,{"date":399,"score":387,"percentile":400},"2026-01-11",0.88817,{"date":402,"score":387,"percentile":403},"2026-01-12",0.88813,{"date":405,"score":387,"percentile":406},"2026-01-13",0.8881,{"date":408,"score":387,"percentile":394},"2026-01-14",{"date":410,"score":387,"percentile":394},"2026-01-15",{"date":412,"score":387,"percentile":413},"2026-01-16",0.8883,{"date":415,"score":387,"percentile":416},"2026-01-17",0.88833,{"date":418,"score":419,"percentile":420},"2026-01-18",0.0393,0.87986,{"date":422,"score":419,"percentile":423},"2026-01-19",0.87983,{"date":425,"score":426,"percentile":427},"2026-01-20",0.04655,0.88982,{"date":429,"score":426,"percentile":430},"2026-01-21",0.88987,{"date":432,"score":426,"percentile":433},"2026-01-22",0.88991,{"date":435,"score":426,"percentile":436},"2026-01-23",0.89005,{"date":438,"score":426,"percentile":439},"2026-01-24",0.89012,{"date":441,"score":426,"percentile":442},"2026-01-25",0.89014,{"date":444,"score":426,"percentile":445},"2026-01-26",0.89015,{"date":447,"score":426,"percentile":442},"2026-01-27",{"date":449,"score":426,"percentile":450},"2026-01-28",0.89017,{"date":452,"score":426,"percentile":453},"2026-01-29",0.8902,{"date":455,"score":426,"percentile":456},"2026-01-30",0.89022,{"date":458,"score":459,"percentile":460},"2026-01-31",0.04571,0.88911,{"date":462,"score":459,"percentile":463},"2026-02-01",0.88975,[465],{"source":142,"cvss_v2_0":466,"cvss_v3_0":9,"cvss_v3_1":469,"cvss_v4_0":9},{"baseScore":140,"baseSeverity":9,"vectorString":143,"impactScore":467,"exploitabilityScore":468},2.9,8.6,{"baseScore":470,"baseSeverity":471,"vectorString":472,"impactScore":473,"exploitabilityScore":474},3.7,"LOW","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",2.3,5.6,[476,485,495,526,536,541,548,557,565,570,577],{"ecosystem":9,"name":477,"vendor":478,"product":479,"cpe_part":480,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":481},"debian linux","debian","debian_linux","o",[482],{"version":483,"is_range":136,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0","cpe",{"ecosystem":9,"name":486,"vendor":487,"product":486,"cpe_part":480,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":488},"fedora","fedoraproject",[489,491,493],{"version":490,"is_range":136,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"28",{"version":492,"is_range":136,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"29",{"version":494,"is_range":136,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"30",{"ecosystem":9,"name":496,"vendor":496,"product":496,"cpe_part":480,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":497},"freebsd",[498,500,502,504,506,508,510,512,514,516,518,520,522,524],{"version":499,"is_range":136,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.2",{"version":501,"is_range":136,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.2:p2",{"version":503,"is_range":136,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.2:p3",{"version":505,"is_range":136,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.2:p4",{"version":507,"is_range":136,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.2:p5",{"version":509,"is_range":136,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.2:p6",{"version":511,"is_range":136,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.2:p7",{"version":513,"is_range":136,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.2:p8",{"version":515,"is_range":136,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.2:p9",{"version":517,"is_range":136,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.2:rc3",{"version":519,"is_range":136,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.0",{"version":521,"is_range":136,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.0:p1",{"version":523,"is_range":136,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.0:p2",{"version":525,"is_range":136,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.0:p3",{"ecosystem":9,"name":527,"vendor":528,"product":529,"cpe_part":530,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":531},"backports sle","opensuse","backports_sle","a",[532,534],{"version":533,"is_range":136,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.0",{"version":535,"is_range":136,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.0:sp1",{"ecosystem":9,"name":537,"vendor":528,"product":537,"cpe_part":480,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":538},"leap",[539],{"version":540,"is_range":136,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.1",{"ecosystem":9,"name":542,"vendor":543,"product":544,"cpe_part":530,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":545},"radius server","synology","radius_server",[546],{"version":547,"is_range":136,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.0",{"ecosystem":9,"name":549,"vendor":543,"product":550,"cpe_part":530,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":551},"router manager","router_manager",[552],{"version":553,"is_range":554,"range_type":484,"version_start":9,"version_start_type":9,"version_end":555,"version_end_type":556,"fixed_in":9},"lt1.2.3-8017",true,"1.2.3-8017","excluding",{"ecosystem":9,"name":558,"vendor":559,"product":558,"cpe_part":530,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":560},"hostapd","w1.fi",[561],{"version":562,"is_range":554,"range_type":484,"version_start":9,"version_start_type":9,"version_end":563,"version_end_type":564,"fixed_in":9},"lte2.7","2.7","including",{"ecosystem":9,"name":566,"vendor":559,"product":567,"cpe_part":530,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":568},"wpa supplicant","wpa_supplicant",[569],{"version":562,"is_range":554,"range_type":484,"version_start":9,"version_start_type":9,"version_end":563,"version_end_type":564,"fixed_in":9},{"ecosystem":9,"name":571,"vendor":572,"product":573,"cpe_part":530,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":574},"hostapd with EAP-pwd support","wi-fi alliance","hostapd with eap-pwd support",[575],{"version":576,"is_range":554,"range_type":148,"version_start":563,"version_start_type":564,"version_end":563,"version_end_type":564,"fixed_in":9},">= 2.7, \u003C= 2.7",{"ecosystem":9,"name":578,"vendor":572,"product":579,"cpe_part":530,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":580},"wpa_supplicant with EAP-pwd support","wpa_supplicant with eap-pwd support",[581],{"version":576,"is_range":554,"range_type":148,"version_start":563,"version_start_type":564,"version_end":563,"version_end_type":564,"fixed_in":9}]