Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
freeradius freeradius vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2008-4474
freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct.
Freeradius Freeradius 2.0.4
6.9
CVSSv2
CVE-2019-10143
It exists freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory norm...
Freeradius Freeradius
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Redhat Enterprise Linux 8.0
6.8
CVSSv2
CVE-2015-8763
The EAP-PWD module in FreeRADIUS 3.0 up to and including 3.0.8 allows remote malicious users to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.
Freeradius Freeradius 3.0.0
Freeradius Freeradius 3.0.5
Freeradius Freeradius 3.0.7
Freeradius Freeradius 3.0.1
Freeradius Freeradius 3.0.2
Freeradius Freeradius 3.0.3
Freeradius Freeradius 3.0.4
Freeradius Freeradius 3.0.6
Freeradius Freeradius 3.0.8
6.8
CVSSv2
CVE-2015-8764
Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 up to and including 3.0.8, which triggers a buffer overflow.
Freeradius Freeradius 3.0.4
Freeradius Freeradius 3.0.6
Freeradius Freeradius 3.0.0
Freeradius Freeradius 3.0.1
Freeradius Freeradius 3.0.2
Freeradius Freeradius 3.0.3
Freeradius Freeradius 3.0.8
Freeradius Freeradius 3.0.5
Freeradius Freeradius 3.0.7
6.8
CVSSv2
CVE-2012-3547
Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 up to and including 2.1.12, when using TLS-based EAP methods, allows remote malicious users to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after&quo...
Freeradius Freeradius 2.1.10
Freeradius Freeradius 2.1.12
Freeradius Freeradius 2.1.11
6.6
CVSSv2
CVE-2007-0080
Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and previous versions allows malicious users to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third ...
Freeradius Freeradius
6.4
CVSSv2
CVE-2005-4744
Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to...
Freeradius Freeradius 1.0.4
Freeradius Freeradius 1.0.3
6
CVSSv2
CVE-2011-4966
modules/rlm_unix/rlm_unix.c in FreeRADIUS prior to 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.
Freeradius Freeradius 2.1.4
Freeradius Freeradius 2.1.12
Freeradius Freeradius 0.2
Freeradius Freeradius 0.4
Freeradius Freeradius 1.0.1
Freeradius Freeradius 1.0.2
Freeradius Freeradius 1.1.3
Freeradius Freeradius 1.1.5
Freeradius Freeradius 2.1.2
Freeradius Freeradius
Freeradius Freeradius 2.1.3
Freeradius Freeradius 0.1
Freeradius Freeradius 2.0.4
Freeradius Freeradius 2.1.9
Freeradius Freeradius 0.8.1
Freeradius Freeradius 0.9.3
Freeradius Freeradius 1.0.0
Freeradius Freeradius 0.9.1
Freeradius Freeradius 1.1.2
Freeradius Freeradius 1.1.4
Freeradius Freeradius 1.1.8
Freeradius Freeradius 0.6
5.8
CVSSv2
CVE-2011-2701
The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote malicious users to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate.
Freeradius Freeradius 2.1.11
5
CVSSv2
CVE-2019-17185
In FreeRADIUS 3.0.x prior to 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused ...
Freeradius Freeradius
Opensuse Leap 15.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »