Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Freeradius Subscribe
Total 48 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-8763 1 Freeradius 1 Freeradius 2017-03-30 6.8 MEDIUM 8.1 HIGH
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.
CVE-2003-0968 1 Freeradius 1 Freeradius 2016-10-17 10.0 HIGH N/A
Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute.
CVE-2002-0318 1 Freeradius 1 Freeradius 2016-10-17 5.0 MEDIUM N/A
FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request packets.
CVE-2011-4966 1 Freeradius 1 Freeradius 2013-03-19 6.0 MEDIUM N/A
modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.
CVE-2010-3697 1 Freeradius 1 Freeradius 2010-10-07 4.3 MEDIUM N/A
The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows remote attackers to cause a denial of service (daemon crash) by sending many requests.
CVE-2005-4746 1 Freeradius 1 Freeradius 2010-04-01 7.8 HIGH N/A
Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t".
CVE-2005-4745 1 Freeradius 1 Freeradius 2010-04-01 7.5 HIGH N/A
SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
CVE-2008-4474 1 Freeradius 1 Freeradius 2009-02-05 7.2 HIGH N/A
freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct.