CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 0CVE-2015-8764
https://notcve.org/view.php?id=CVE-2015-8764
Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow. Error por un paso en el módulo EAP-PWD en FreeRADIUS 3.0 hasta la versión 3.0.8, lo que desencadena un desbordamiento de búfer. • http://freeradius.org/security.html#eap-pwd-2015 http://www.openwall.com/lists/oss-security/2016/01/08/7 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 0CVE-2015-8763
https://notcve.org/view.php?id=CVE-2015-8763
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read. El módulo EAP-PWD en FreeRADIUS 3.0 hasta la versión 3.0.8 permite a atacantes remotos tener un impacto no especificado a través (1) commit o (2) confirmar mensaje, lo que desencadena una lectura fuera de límites. • http://freeradius.org/security.html#eap-pwd-2015 http://www.openwall.com/lists/oss-security/2016/01/08/7 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2015-4680
https://notcve.org/view.php?id=CVE-2015-4680
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. FreeRADIUS 2.2.x en versiones anteriores a 2.2.8 y 3.0.x en versiones anteriores a 3.0.9 no comprueba adecuadamente la revocación de certificados CA intermedios. • http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Application.html http://www.ocert.org/advisories/ocert-2015-008.html http://www.securityfocus.com/archive/1/535810/100/0/threaded http://www.securityfocus.com/bid/75327 http://www.securitytracker.com/id/1032690 https://bugzilla.redhat.com/show_bug.cgi?id=1234975 • CWE-295: Improper Certificate Validation •