
CVE-2006-1354 – Debian Linux Security Advisory 1089-1
https://notcve.org/view.php?id=CVE-2006-1354
22 Mar 2006 — Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module. Several problems have been discovered in freeradius, a high-performance and highly configurable RADIUS server. • ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc •

CVE-2005-4744 – Debian Linux Security Advisory 1089-1
https://notcve.org/view.php?id=CVE-2005-4744
31 Dec 2005 — Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, a... • ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc •

CVE-2005-4745 – Mandriva Linux Security Advisory 2007.092
https://notcve.org/view.php?id=CVE-2005-4745
31 Dec 2005 — SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. Multiple buffer overflows were found in the FreeRADIUS package version 1.0.4 and prior that could allow a remote attacker to cause a crash via the rlm_sqlcounter module. As well, an SQL injection vulnerability was also found in the rlm_sqlcounter that could allow a remote attacker to execute arbitrary SQL commands via unknown attack vect... • http://www.debian.org/security/2006/dsa-1145 •

CVE-2005-4746 – Mandriva Linux Security Advisory 2007.092
https://notcve.org/view.php?id=CVE-2005-4746
31 Dec 2005 — Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t". Multiple buffer overflows were found in the FreeRADIUS package version 1.0.4 and prior that could allow a remote attacker to cause a crash via the rlm_sqlcounter module. As well, an SQL injection vulnerability was also found in the rlm_sqlcounter that could allow a remote attacker to execute arbitrary SQL commands via... • http://www.debian.org/security/2006/dsa-1145 •

CVE-2005-1455
https://notcve.org/view.php?id=CVE-2005-1455
19 May 2005 — Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash). • http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html •

CVE-2005-1454
https://notcve.org/view.php?id=CVE-2005-1454
19 May 2005 — SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries. • http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html •

CVE-2004-0960
https://notcve.org/view.php?id=CVE-2004-0960
20 Oct 2004 — FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument. • http://security.gentoo.org/glsa/glsa-200409-29.xml •

CVE-2004-0961
https://notcve.org/view.php?id=CVE-2004-0961
20 Oct 2004 — Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes. • http://security.gentoo.org/glsa/glsa-200409-29.xml •

CVE-2004-0938
https://notcve.org/view.php?id=CVE-2004-0938
16 Oct 2004 — FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet. • http://security.gentoo.org/glsa/glsa-200409-29.xml •

CVE-2003-0968
https://notcve.org/view.php?id=CVE-2003-0968
02 Dec 2003 — Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute. • http://marc.info/?l=bugtraq&m=106986437621130&w=2 •