158 matches found
[SECURITY] [DLA 4232-1] freeradius security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4232-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA June 26, 2025 https://wiki.debian.org/LTS -...
Debian dla-4232 : freeradius - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4232 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4232-1 [email protected]...
The vulnerability of the web_radiusSrv_dftParam_post() function in the microprogramming software for PLANET Technology allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the webRadiusSrvdftParampost function in the microprogramming software for PLANET Technology is related to buffer overflows in the stack during the processing of the radDftParamKey parameter. Exploiting this vulnerability could allow an attacker to compromise the...
CVE-2020-28968
Draytek VigorAP 1000C contains a stored cross-site scripting XSS vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field...
CVE-2025-44887
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the radIpkey parameter in the webradiusSrvpost function...
PLANET FW-WGS-804HPT 安全漏洞
PLANET FW-WGS-804HPT is a wall-mounted managed switch from PLANET China. A security vulnerability exists in PLANET FW-WGS-804HPT v1.305b241111, which originates from a stack overflow in the radDftParamKey parameter of the webradiusSrvdftParampost function...
AZL-58610 CVE-2025-24912 affecting package wpa_supplicant for versions less than 2.10-3
hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail...
USN-7257-1 krb5 vulnerability
Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl discovered that Kerberos incorrectly authenticated certain responses. An attacker able to intercept communications between a RADIUS client and server could possibly use this issue to forge responses, bypas...
CVE-2024-46665
An insertion of sensitive information into sent data vulnerability CWE-201 in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests...
USN-7055-1 freeradius vulnerability
Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl discovered that FreeRADIUS incorrectly authenticated certain responses. An attacker able to intercept communications between a RADIUS client and server could possibly use this issue to forge responses,...
Fedora: Security Advisory (FEDORA-2024-04ba1ff731)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated freeradius packages fix security vulnerability
This vulnerability allows an attacker performing a meddler-in-the-middle attack between Palo Alto Networks PAN-OS firewall and a RADIUS server to bypass authentication and escalate privileges to ‘superuser’ when RADIUS authentication is in use and either CHAP or PAP is selected in the RADIUS serv...
CVE-2023-37322
D-Link DAP-2622 DDP Set SSID List RADIUS Server Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
D-Link DAP-2622 安全漏洞
The D-Link DAP-2622 is a wireless access point Access Point device from D-Link, a Chinese company. A security vulnerability exists in the D-Link DAP-2622 that stems from a stack-based buffer overflow remote code execution vulnerability in the DDP Setup SSID List RADIUS server...
D-Link DAP-2622 Stack Buffer Overflow Remote Code Execution Vulnerability
The D-Link DAP-2622 is an enterprise-grade wireless access point AP from AUO D-Link, which is mainly used for wireless network coverage in commercial or enterprise environments. The D-Link DAP-2622 suffers from a stack buffer overflow remote code execution vulnerability that stems from a...
Radius server test connectivity fails : Error: '1812/udp' is not a valid Radius authentication port.
Radius server test connectivity failure. Error: "Either 'ServerIP' is not a valid Radius server, '1812/udp' is not a valid Radius authentication port or Radius client is not configured properly in the Radius server."...
Security Bulletin: Multiple Security Vulnerabilities fixed in zlib as shipped with IBM Security Verify Gateway/Bridge
Summary Security Vulnerabilities found in 'zlib' were fixed in the following products: IBM Security Verify Gateway for Windows Login, IBM Security Verify Bridge for Directory Sync, IBM Security Verify Gateway for RADIUS Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to...
freeradius: Crash on invalid abinary data
A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash...
SUSE CVE-2015-5314
The eappwdprocess function in eapserver/eapserverpwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with 1 an internal EAP server or 2 a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote...
ALPINE-CVE-2022-41861
A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash...