Vulmon
freeradius freeradius vulnerabilities and exploits
4.3
CVSSv2
CVE-2019-9494
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password...
W1.fi Hostapd
W1.fi Wpa Supplicant
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Synology Radius Server 3.0
Synology Router Manager
Freebsd Freebsd 11.2
Freebsd Freebsd 12.0
4.3
CVSSv2
CVE-2019-9495
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary f...
W1.fi Hostapd
W1.fi Wpa Supplicant
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Debian Debian Linux 8.0
Synology Radius Server 3.0
Synology Router Manager
Freebsd Freebsd 11.2
Freebsd Freebsd 12.0
4.3
CVSSv2
CVE-2015-8762
The EAP-PWD module in FreeRADIUS 3.0 up to and including 3.0.8 allows remote malicious users to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet.
Freeradius Freeradius 3.0.1
Freeradius Freeradius 3.0.8
Freeradius Freeradius 3.0.3
Freeradius Freeradius 3.0.4
Freeradius Freeradius 3.0.5
Freeradius Freeradius 3.0.6
Freeradius Freeradius 3.0.0
Freeradius Freeradius 3.0.2
Freeradius Freeradius 3.0.7
4.3
CVSSv2
CVE-2010-3696
The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote malicious users to cause a denial of service (infinite loop and daemon outage) via a packet that has...
Freeradius Freeradius 2.1.9
4.3
CVSSv2
CVE-2010-3697
The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x prior to 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows remote malicious users to cause a denial of service (daemon ...
Freeradius Freeradius 2.1.1
Freeradius Freeradius 2.1.0
Freeradius Freeradius 2.1.6
Freeradius Freeradius 2.1.3
Freeradius Freeradius 2.1.9
Freeradius Freeradius 2.1.7
Freeradius Freeradius 2.1.4
Freeradius Freeradius 2.1.2
Freeradius Freeradius 2.1.8
2.9
CVSSv2
CVE-2019-13456
In FreeRADIUS 3.0 up to and including 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user...
Freeradius Freeradius
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Opensuse Leap 15.1
NA
CVE-2023-4091
A vulnerability exists in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the ...
Samba Samba
Fedoraproject Fedora 39
Redhat Enterprise Linux 8.0
Redhat Storage 3.0
Redhat Enterprise Linux Eus 9.0
NA
CVE-2022-2127
An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to ...
Samba Samba
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Debian Debian Linux 12.0
NA
CVE-2022-41860
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the serv...
Freeradius Freeradius
NA
CVE-2022-41861
A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.
Freeradius Freeradius