CVSS: 7.5EPSS: 4%CPEs: 7EXPL: 0CVE-2006-1354
https://notcve.org/view.php?id=CVE-2006-1354
22 Mar 2006 — Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module. • ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc •
CVSS: 9.1EPSS: 2%CPEs: 2EXPL: 0CVE-2005-4744
https://notcve.org/view.php?id=CVE-2005-4744
31 Dec 2005 — Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, a... • ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2005-4745
https://notcve.org/view.php?id=CVE-2005-4745
31 Dec 2005 — SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. • http://www.debian.org/security/2006/dsa-1145 •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2005-4746
https://notcve.org/view.php?id=CVE-2005-4746
31 Dec 2005 — Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t". • http://www.debian.org/security/2006/dsa-1145 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1454
https://notcve.org/view.php?id=CVE-2005-1454
19 May 2005 — SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries. • http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2005-1455
https://notcve.org/view.php?id=CVE-2005-1455
19 May 2005 — Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash). • http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html •
CVSS: 7.5EPSS: 2%CPEs: 14EXPL: 0CVE-2004-0960
https://notcve.org/view.php?id=CVE-2004-0960
20 Oct 2004 — FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument. • http://security.gentoo.org/glsa/glsa-200409-29.xml •
CVSS: 7.5EPSS: 2%CPEs: 14EXPL: 0CVE-2004-0961
https://notcve.org/view.php?id=CVE-2004-0961
20 Oct 2004 — Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes. • http://security.gentoo.org/glsa/glsa-200409-29.xml •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 0CVE-2004-0938
https://notcve.org/view.php?id=CVE-2004-0938
16 Oct 2004 — FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet. FreeRADIUS anteriores a 1.0.1 permite a atacantes remotos causar una denegación de servicio (caída del servidor) enviando un atributo Ascend-Send-Secret sin el paquete de encabezado requerido. • http://security.gentoo.org/glsa/glsa-200409-29.xml •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 1CVE-2003-0967 – FreeRadius 0.x/1.1.x - Tag Field Heap Corruption
https://notcve.org/view.php?id=CVE-2003-0967
02 Dec 2003 — rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute. rad_decode en FreeRADIUS 0.9.2 y anteriores permite a atacantes remotos causar una denegación de servicio (caída) mediante una cadena de atributo RADIUS corta con una etiqueta, lo que hace se llame a memcpy con un argumento de longitud -1, como se... • https://www.exploit-db.com/exploits/23391 •