Lucene search
K

158 matches found

Debian
Debian
added 2025/06/26 2:37 p.m.15 views

[SECURITY] [DLA 4232-1] freeradius security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4232-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA June 26, 2025 https://wiki.debian.org/LTS -...

7.5CVSS7.5AI score0.01171EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/06/26 12:0 a.m.6 views

Debian dla-4232 : freeradius - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4232 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4232-1 [email protected]...

7.5CVSS7AI score0.01171EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2025/05/26 12:0 a.m.9 views

The vulnerability of the web_radiusSrv_dftParam_post() function in the microprogramming software for PLANET Technology allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the webRadiusSrvdftParampost function in the microprogramming software for PLANET Technology is related to buffer overflows in the stack during the processing of the radDftParamKey parameter. Exploiting this vulnerability could allow an attacker to compromise the...

10CVSS5.8AI score0.00453EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 5:9 p.m.9 views

CVE-2020-28968

Draytek VigorAP 1000C contains a stored cross-site scripting XSS vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field...

5.4CVSS5.6AI score0.00551EPSS
Exploits1
OSV
OSV
added 2025/05/20 8:15 p.m.5 views

CVE-2025-44887

FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the radIpkey parameter in the webradiusSrvpost function...

9.8CVSS5.8AI score0.00453EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/20 12:0 a.m.3 views

PLANET FW-WGS-804HPT 安全漏洞

PLANET FW-WGS-804HPT is a wall-mounted managed switch from PLANET China. A security vulnerability exists in PLANET FW-WGS-804HPT v1.305b241111, which originates from a stack overflow in the radDftParamKey parameter of the webradiusSrvdftParampost function...

9.8CVSS7AI score0.00453EPSS
Exploits1References1
OSV
OSV
added 2025/03/12 5:15 a.m.9 views

AZL-58610 CVE-2025-24912 affecting package wpa_supplicant for versions less than 2.10-3

hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail...

3.7CVSS5.7AI score0.00716EPSS
Exploits0References1
OSV
OSV
added 2025/02/05 5:8 a.m.4 views

USN-7257-1 krb5 vulnerability

Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl discovered that Kerberos incorrectly authenticated certain responses. An attacker able to intercept communications between a RADIUS client and server could possibly use this issue to forge responses, bypas...

9CVSS7AI score0.14859EPSS
Exploits2References2
Cvelist
Cvelist
added 2025/01/14 2:8 p.m.24 views

CVE-2024-46665

An insertion of sensitive information into sent data vulnerability CWE-201 in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests...

3.7CVSS0.00523EPSS
Exploits0References1
OSV
OSV
added 2024/10/03 2:24 p.m.4 views

USN-7055-1 freeradius vulnerability

Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl discovered that FreeRADIUS incorrectly authenticated certain responses. An attacker able to intercept communications between a RADIUS client and server could possibly use this issue to forge responses,...

9CVSS7AI score0.14859EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2024/08/06 12:0 a.m.3 views

Fedora: Security Advisory (FEDORA-2024-04ba1ff731)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Mageia
Mageia
added 2024/07/14 5:23 a.m.96 views

Updated freeradius packages fix security vulnerability

This vulnerability allows an attacker performing a meddler-in-the-middle attack between Palo Alto Networks PAN-OS firewall and a RADIUS server to bypass authentication and escalate privileges to ‘superuser’ when RADIUS authentication is in use and either CHAP or PAP is selected in the RADIUS serv...

9CVSS7.2AI score0.14859EPSS
Exploits2References3
NVD
NVD
added 2024/05/03 2:15 a.m.28 views

CVE-2023-37322

D-Link DAP-2622 DDP Set SSID List RADIUS Server Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

8.8CVSS9.1AI score0.00637EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.6 views

D-Link DAP-2622 安全漏洞

The D-Link DAP-2622 is a wireless access point Access Point device from D-Link, a Chinese company. A security vulnerability exists in the D-Link DAP-2622 that stems from a stack-based buffer overflow remote code execution vulnerability in the DDP Setup SSID List RADIUS server...

8.8CVSS9.3AI score0.00637EPSS
Exploits0References3
CNVD
CNVD
added 2023/08/28 12:0 a.m.5 views

D-Link DAP-2622 Stack Buffer Overflow Remote Code Execution Vulnerability

The D-Link DAP-2622 is an enterprise-grade wireless access point AP from AUO D-Link, which is mainly used for wireless network coverage in commercial or enterprise environments. The D-Link DAP-2622 suffers from a stack buffer overflow remote code execution vulnerability that stems from a...

8.8CVSS6.8AI score0.00637EPSS
Exploits0References1
Citrix
Citrix
added 2023/08/11 12:0 a.m.10 views

Radius server test connectivity fails : Error: '1812/udp' is not a valid Radius authentication port.

Radius server test connectivity failure. Error: "Either 'ServerIP' is not a valid Radius server, '1812/udp' is not a valid Radius authentication port or Radius client is not configured properly in the Radius server."...

7.3AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/16 7:12 p.m.43 views

Security Bulletin: Multiple Security Vulnerabilities fixed in zlib as shipped with IBM Security Verify Gateway/Bridge

Summary Security Vulnerabilities found in 'zlib' were fixed in the following products: IBM Security Verify Gateway for Windows Login, IBM Security Verify Bridge for Directory Sync, IBM Security Verify Gateway for RADIUS Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to...

7.5CVSS7.9AI score0.52063EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2023/05/09 9:50 a.m.5 views

freeradius: Crash on invalid abinary data

A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash...

6.5CVSS5.7AI score0.01103EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:16 a.m.6 views

SUSE CVE-2015-5314

The eappwdprocess function in eapserver/eapserverpwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with 1 an internal EAP server or 2 a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote...

5.9CVSS7AI score0.02298EPSS
Exploits0References4
OSV
OSV
added 2023/01/17 6:15 p.m.6 views

ALPINE-CVE-2022-41861

A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash...

6.5CVSS6.6AI score0.01103EPSS
Exploits0References1
Rows per page
Query Builder