Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
freeradius freeradius vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2015-9542
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and cr...
Freeradius Pam Radius 1.4.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
5
CVSSv2
CVE-2015-4680
FreeRADIUS 2.2.x prior to 2.2.8 and 3.0.x prior to 3.0.9 does not properly check revocation of intermediate CA certificates.
Freeradius Freeradius 3.0.6
Freeradius Freeradius 3.0.7
Freeradius Freeradius 3.0.0
Freeradius Freeradius 3.0.1
Freeradius Freeradius 3.0.8
Freeradius Freeradius 3.0.4
Freeradius Freeradius 3.0.5
Freeradius Freeradius 3.0.2
Freeradius Freeradius 3.0.3
Freeradius Freeradius 2.2.5
Freeradius Freeradius 2.2.6
Freeradius Freeradius 2.2.7
Freeradius Freeradius 2.2.0
Freeradius Freeradius 2.2.3
Freeradius Freeradius 2.2.4
Freeradius Freeradius 2.2.1
Freeradius Freeradius 2.2.2
Suse Linux Enterprise Software Development Kit 12
Suse Linux Enterprise Server 12
5
CVSSv2
CVE-2009-3111
The rad_decode function in FreeRADIUS prior to 1.1.8 allows remote malicious users to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 up to and including 8.11. NOTE: this ...
Freeradius Freeradius 0.2
Freeradius Freeradius 0.4
Freeradius Freeradius 1.0.3
Freeradius Freeradius 1.0.4
Freeradius Freeradius
Freeradius Freeradius 1.0.2
Freeradius Freeradius 0.9
Freeradius Freeradius 0.8.1
Freeradius Freeradius 1.1.5
Freeradius Freeradius 1.0.5
Freeradius Freeradius 0.3
Freeradius Freeradius 0.8
Freeradius Freeradius 0.5
Freeradius Freeradius 1.0.1
Freeradius Freeradius 1.1.3
Freeradius Freeradius 0.9.1
Freeradius Freeradius 0.9.2
Freeradius Freeradius 0.9.3
Freeradius Freeradius 1.0.0
Freeradius Freeradius 1.1.0
Freeradius Freeradius 1.1.6
1 EDB exploit
5
CVSSv2
CVE-2007-2028
Memory leak in freeRADIUS 1.1.5 and previous versions allows remote malicious users to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be reject...
Freeradius Freeradius
5
CVSSv2
CVE-2004-0960
FreeRADIUS prior to 1.0.1 allows remote malicious users to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.
Freeradius Freeradius 0.3
Freeradius Freeradius 0.4
Freeradius Freeradius 0.9.3
Freeradius Freeradius 1.0.0
Freeradius Freeradius 0.5
Freeradius Freeradius 0.8
Freeradius Freeradius 0.8.1
Freeradius Freeradius 0.9
Freeradius Freeradius 0.2
Freeradius Freeradius 0.9.1
Freeradius Freeradius 0.9.2
Redhat Enterprise Linux 3.0
Redhat Fedora Core Core 2.0
5
CVSSv2
CVE-2004-0961
Memory leak in FreeRADIUS prior to 1.0.1 allows remote malicious users to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.
Freeradius Freeradius 0.4
Freeradius Freeradius 0.5
Freeradius Freeradius 1.0.0
Freeradius Freeradius 0.8
Freeradius Freeradius 0.8.1
Freeradius Freeradius 0.9
Freeradius Freeradius 0.9.1
Freeradius Freeradius 0.2
Freeradius Freeradius 0.3
Freeradius Freeradius 0.9.2
Freeradius Freeradius 0.9.3
Redhat Enterprise Linux 3.0
Redhat Fedora Core Core 2.0
5
CVSSv2
CVE-2004-0938
FreeRADIUS prior to 1.0.1 allows remote malicious users to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet.
Freeradius Freeradius
5
CVSSv2
CVE-2003-0967
rad_decode in FreeRADIUS 0.9.2 and previous versions allows remote malicious users to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute.
Freeradius Freeradius
1 EDB exploit
5
CVSSv2
CVE-2002-0318
FreeRADIUS RADIUS server allows remote malicious users to cause a denial of service (CPU consumption) via a flood of Access-Request packets.
Freeradius Freeradius
5
CVSSv2
CVE-2001-1377
Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote malicious users to cause a denial of service (crash) via a Vendor-Length that is less than 2.
Freeradius Freeradius 0.2
Icradius Icradius 0.15
Icradius Icradius 0.16
Livingston Radius 2.1
Lucent Radius 2.0
Miquel Van Smoorenburg Cistron Radius 1.6 .0
Openradius Openradius 0.8
Xtradius Xtradius 1.1 Pre2
Yard Radius Project Yard Radius 1.0.16
Freeradius Freeradius 0.3
Gnu Radius 0.92.1
Icradius Icradius 0.17
Icradius Icradius 0.17b
Lucent Radius 2.0.1
Lucent Radius 2.1
Openradius Openradius 0.9
Openradius Openradius 0.9.1
Yard Radius Yard Radius 1.0.17
Yard Radius Yard Radius 1.0.18
Gnu Radius 0.95
Icradius Icradius 0.14
Livingston Radius 2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »