CVSS: 9.8EPSS: 24%CPEs: 11EXPL: 6CVE-2020-8597 – ppp: Buffer overflow in the eap_request and eap_response functions in eap.c
https://notcve.org/view.php?id=CVE-2020-8597
03 Feb 2020 — eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. El archivo eap.c en pppd en ppp versiones 2.4.2 hasta 2.4.8, presenta un desbordamiento del búfer de rhostname en las funciones eap_request y eap_response. A buffer overflow flaw was found in the ppp package in versions 2.4.2 through 2.4.8. The bounds check for the rhostname was improperly constructed in the EAP request and response functions which could allow a buffer overflow to occur. ... • https://packetstorm.news/files/id/156802 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-11574 – Ubuntu Security Notice USN-3810-1
https://notcve.org/view.php?id=CVE-2018-11574
14 Jun 2018 — Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files. Configurations that use the `refuse-app` option are unaffected. Una validación de entradas incorrecta junto con un desbordamiento de enteros en la implementación del protocolo EAP-TLS en PPPD podría provocar un cierre ines... • http://www.openwall.com/lists/oss-security/2018/06/11/1 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 6%CPEs: 5EXPL: 0CVE-2015-3310 – Gentoo Linux Security Advisory 201701-50
https://notcve.org/view.php?id=CVE-2015-3310
17 Apr 2015 — Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server. Desbordamiento de buffer en la función rc_mksid en plugins/radius/util.c en Paul's PPP Package (ppp) 2.4.6 y anteriores, cuando el PID para pppd es mayor a 65535, permite a atacantes remotos causar una denegación de servicio (caída) a travé... • http://advisories.mageia.org/MGASA-2015-0173.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-3158 – Gentoo Linux Security Advisory 201412-19
https://notcve.org/view.php?id=CVE-2014-3158
08 Sep 2014 — Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "[corrupts] security-relevant variables." Desbordamiento de enteros en la función en options.c en pppd en Paul's PPP Package (ppp) anterior a 2.4.7 permite a atacantes el 'Acceso a opciones privilegiadas' a través de una palabra larga en el archivo de opciones, que provoca un... • http://advisories.mageia.org/MGASA-2014-0368.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2194
https://notcve.org/view.php?id=CVE-2006-2194
05 Jul 2006 — The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges. El 'plugin' (complemento) winbind en pppd para ppp (Ponit to Point Protocol) v2.4.4 y anteriores no chequea el código de respuesta de la llamada a la función setuid, lo q... • http://secunia.com/advisories/20963 •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2004-2695
https://notcve.org/view.php?id=CVE-2004-2695
31 Dec 2004 — SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267. • http://secunia.com/advisories/12531 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •