Vulmon
freeradius vulnerabilities and exploits
6.8
CVSSv2
CVE-2012-3547
Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 up to and including 2.1.12, when using TLS-based EAP methods, allows remote malicious users to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after"...
Freeradius Freeradius 2.1.10
Freeradius Freeradius 2.1.12
Freeradius Freeradius 2.1.11
6.4
CVSSv2
CVE-2005-4744
Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to...
Freeradius Freeradius 1.0.4
Freeradius Freeradius 1.0.3
7.5
CVSSv2
CVE-2005-4745
SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote malicious users to execute arbitrary SQL commands via unknown attack vectors.
Freeradius Freeradius 1.0.3
Freeradius Freeradius 1.0.4
7.8
CVSSv2
CVE-2005-4746
Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote malicious users to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t".
Freeradius Freeradius 1.0.3
Freeradius Freeradius 1.0.4
NA
CVE-2022-41860
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the serv...
Freeradius Freeradius
NA
CVE-2022-41861
A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.
Freeradius Freeradius
NA
CVE-2022-41859
In freeradius, the EAP-PWD function compute_password_element() leaks information about the password, which allows a malicious user to substantially reduce the size of an offline dictionary attack.
Freeradius Freeradius
5
CVSSv2
CVE-2007-2028
Memory leak in freeRADIUS 1.1.5 and previous versions allows remote malicious users to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be reject...
Freeradius Freeradius
5
CVSSv2
CVE-2004-0938
FreeRADIUS prior to 1.0.1 allows remote malicious users to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet.
Freeradius Freeradius
6.6
CVSSv2
CVE-2007-0080
Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and previous versions allows malicious users to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third ...
Freeradius Freeradius