Freeradius
by FreeRADIUS
Source repositories
CVEs (50)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-4745 | 0.00 | — | 0.01 | Dec 31, 2005 | SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | |||
| CVE-2005-4746 | 0.00 | — | 0.02 | Dec 31, 2005 | Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t". | |||
| CVE-2005-1455 | 0.00 | — | 0.03 | May 19, 2005 | Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash). | |||
| CVE-2005-1454 | 0.00 | — | 0.02 | May 19, 2005 | SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries. | |||
| CVE-2004-0961 | 0.00 | — | 0.03 | Feb 9, 2005 | Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes. | |||
| CVE-2004-0960 | 0.00 | — | 0.03 | Feb 9, 2005 | FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument. | |||
| CVE-2004-0938 | 0.00 | — | 0.04 | Nov 3, 2004 | FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet. | |||
| CVE-2003-0968 | 0.00 | — | 0.04 | Dec 15, 2003 | Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute. | |||
| CVE-2002-0318 | 0.00 | — | 0.01 | Jun 25, 2002 | FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request packets. | |||
| CVE-2001-1377 | 0.00 | — | 0.05 | Mar 4, 2002 | Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2. |
- CVE-2005-4745Dec 31, 2005risk 0.00cvss —epss 0.01
SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
- CVE-2005-4746Dec 31, 2005risk 0.00cvss —epss 0.02
Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t".
- CVE-2005-1455May 19, 2005risk 0.00cvss —epss 0.03
Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash).
- CVE-2005-1454May 19, 2005risk 0.00cvss —epss 0.02
SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries.
- CVE-2004-0961Feb 9, 2005risk 0.00cvss —epss 0.03
Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.
- CVE-2004-0960Feb 9, 2005risk 0.00cvss —epss 0.03
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.
- CVE-2004-0938Nov 3, 2004risk 0.00cvss —epss 0.04
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet.
- CVE-2003-0968Dec 15, 2003risk 0.00cvss —epss 0.04
Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute.
- CVE-2002-0318Jun 25, 2002risk 0.00cvss —epss 0.01
FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request packets.
- CVE-2001-1377Mar 4, 2002risk 0.00cvss —epss 0.05
Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.
Page 3 of 3