CVSS: 7.5EPSS: 3%CPEs: 7EXPL: 0CVE-2006-1354
https://notcve.org/view.php?id=CVE-2006-1354
22 Mar 2006 — Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module. • ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc •
CVSS: 7.5EPSS: 2%CPEs: 14EXPL: 0CVE-2004-0960
https://notcve.org/view.php?id=CVE-2004-0960
20 Oct 2004 — FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument. • http://security.gentoo.org/glsa/glsa-200409-29.xml •
CVSS: 7.5EPSS: 2%CPEs: 14EXPL: 0CVE-2004-0961
https://notcve.org/view.php?id=CVE-2004-0961
20 Oct 2004 — Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes. • http://security.gentoo.org/glsa/glsa-200409-29.xml •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 0CVE-2004-0938
https://notcve.org/view.php?id=CVE-2004-0938
16 Oct 2004 — FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet. FreeRADIUS anteriores a 1.0.1 permite a atacantes remotos causar una denegación de servicio (caída del servidor) enviando un atributo Ascend-Send-Secret sin el paquete de encabezado requerido. • http://security.gentoo.org/glsa/glsa-200409-29.xml •