Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
freeradius freeradius vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-11234
FreeRADIUS prior to 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
Freeradius Freeradius
Fedoraproject Fedora
Redhat Enterprise Linux 7.0
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 18.04
9.8
CVSSv3
CVE-2019-11235
FreeRADIUS prior to 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to C...
Freeradius Freeradius
Fedoraproject Fedora -
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Eus 7.6
Redhat Enterprise Linux 7.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 18.10
Opensuse Leap 15.0
8.1
CVSSv3
CVE-2015-8763
The EAP-PWD module in FreeRADIUS 3.0 up to and including 3.0.8 allows remote malicious users to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.
Freeradius Freeradius 3.0.0
Freeradius Freeradius 3.0.5
Freeradius Freeradius 3.0.7
Freeradius Freeradius 3.0.1
Freeradius Freeradius 3.0.2
Freeradius Freeradius 3.0.3
Freeradius Freeradius 3.0.4
Freeradius Freeradius 3.0.6
Freeradius Freeradius 3.0.8
8.1
CVSSv3
CVE-2015-8764
Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 up to and including 3.0.8, which triggers a buffer overflow.
Freeradius Freeradius 3.0.4
Freeradius Freeradius 3.0.6
Freeradius Freeradius 3.0.0
Freeradius Freeradius 3.0.1
Freeradius Freeradius 3.0.2
Freeradius Freeradius 3.0.3
Freeradius Freeradius 3.0.8
Freeradius Freeradius 3.0.5
Freeradius Freeradius 3.0.7
7.5
CVSSv3
CVE-2022-41859
In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an malicious user to substantially reduce the size of an offline dictionary attack.
Freeradius Freeradius
7.5
CVSSv3
CVE-2022-41860
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the serv...
Freeradius Freeradius
7.5
CVSSv3
CVE-2019-17185
In FreeRADIUS 3.0.x prior to 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused ...
Freeradius Freeradius
Opensuse Leap 15.1
7.5
CVSSv3
CVE-2015-9542
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and cr...
Freeradius Pam Radius 1.4.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
7.5
CVSSv3
CVE-2015-4680
FreeRADIUS 2.2.x prior to 2.2.8 and 3.0.x prior to 3.0.9 does not properly check revocation of intermediate CA certificates.
Freeradius Freeradius 3.0.6
Freeradius Freeradius 3.0.7
Freeradius Freeradius 3.0.0
Freeradius Freeradius 3.0.1
Freeradius Freeradius 3.0.8
Freeradius Freeradius 3.0.4
Freeradius Freeradius 3.0.5
Freeradius Freeradius 3.0.2
Freeradius Freeradius 3.0.3
Freeradius Freeradius 2.2.5
Freeradius Freeradius 2.2.6
Freeradius Freeradius 2.2.7
Freeradius Freeradius 2.2.0
Freeradius Freeradius 2.2.3
Freeradius Freeradius 2.2.4
Freeradius Freeradius 2.2.1
Freeradius Freeradius 2.2.2
Suse Linux Enterprise Software Development Kit 12
Suse Linux Enterprise Server 12
7.5
CVSSv3
CVE-2014-0160
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 prior to 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote malicious users to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrat...
Openssl Openssl
Filezilla-project Filezilla Server
Siemens Application Processing Engine Firmware 2.0
Siemens Cp 1543-1 Firmware 1.1
Siemens Simatic S7-1500 Firmware 1.5
Siemens Simatic S7-1500t Firmware 1.5
Siemens Elan-8.2
Siemens Wincc Open Architecture 3.12
Intellian V100 Firmware 1.20
Intellian V100 Firmware 1.21
Intellian V100 Firmware 1.24
Intellian V60 Firmware 1.15
Intellian V60 Firmware 1.25
Mitel Micollab 6.0
Mitel Micollab 7.0
Mitel Micollab 7.1
Mitel Micollab 7.2
Mitel Micollab 7.3.0.104
Mitel Micollab 7.3
Mitel Mivoice 1.1.3.3
Mitel Mivoice 1.2.0.11
Mitel Mivoice 1.3.2.2
4 EDB exploits
2 Nmap scripts
305 Github repositories
4 Articles
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »