36 matches found
CVE-2026-41860
creationtimestamp| type| source ---|---|--- 2026-06-04 03:20:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mngo5dkpkj2f 2026-06-04 04:00:33+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mngqeycd7q2k 2026-06-04 09:07:08+00:00| seen|...
CVE-2026-41860
CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelpercreateasyncendpoint and sendhttpgetrequestsynchronous hard-code OpenSSL::SSL::VERIFYNONE, enabling an attacker to intercept traffic between bosh-monitor and the BOSH...
MiracleLinux 9 : freeradius-3.0.21-37.el9 (AXSA:2023-5499:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5499:02 advisory. freeradius: Information leakage in EAP-PWD CVE-2022-41859 freeradius: Crash on unknown option in EAP-SIM CVE-2022-41860 freeradius: Crash on invalid...
Debian: Security Advisory (DLA-4232-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 4232-1] freeradius security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4232-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA June 26, 2025 https://wiki.debian.org/LTS -...
Linux Distros Unpatched Vulnerability : CVE-2022-41860
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will...
Adobe Substance 3D Sampler < 4.5.1 Multiple Vulnerabilities (apsb24-65)
The version of Adobe Substance 3D Sampler installed on the remote host is prior to 4.5.1. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb24-65 advisory. - Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could...
CVE-2024-41860
creationtimestamp| type| source ---|---|--- 2024-08-14 12:21:44+00:00| seen| https://t.me/cvedetector/3109...
CVE-2024-41860
Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a...
CVE-2022-41860 affecting package freeradius for versions less than 3.2.3-1
CVE-2022-41860 affecting package freeradius for versions less than 3.2.3-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-41860
CVE-2023-41860 — Unauthenticated Cross-Site Scripting (XSS) in TravelMap WordPress plugin, affected versions <= 1.0.1. The root cause is an XSS flaw in TravelMap
WordPress Travel Map Plugin < 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software Travel Map Type Plugin Vulnerable versions 1.0.1 Fixed in 1.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-41860 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID 4ba841714848 Credits Mika Required privilege...
AlmaLinux 8 : freeradius:3.0 (ALSA-2023:2870)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2870 advisory. freeradius: Information leakage in EAP-PWD CVE-2022-41859 freeradius: Crash on unknown option in EAP-SIM CVE-2022-41860 freeradius: Crash on invalid abina...
Moderate: Red Hat Security Advisory: freeradius:3.0 security update
An update for the freeradius:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: freeradius:3.0 security update
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service RADIUS server, designed to allow centralized authentication and authorization for a network. Security Fixes: freeradius: Information leakage in EAP-PWD CVE-2022-41859 freeradius: Crash on...
Moderate: Red Hat Security Advisory: freeradius security and bug fix update
An update for freeradius is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Moderate: freeradius security and bug fix update
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service RADIUS server, designed to allow centralized authentication and authorization for a network. Security Fixes: freeradius: Information leakage in EAP-PWD CVE-2022-41859 freeradius: Crash on...
Medium: freeradius
Issue Overview: When an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...
Amazon Linux AMI : freeradius (ALAS-2023-1699)
The version of freeradius installed on the remote host is prior to 2.2.6-7.17. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1699 advisory. When an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionarie...
Medium: freeradius
Issue Overview: The EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. CVE-2022-41859 When an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that optio...