158 matches found
CVE-2020-28194
Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution...
CVE-2020-28194
CVE-2020-28194 affects accel-ppp (radius/packet.c) where a variable underflow occurs when receiving a RADIUS vendor-specific attribute whose length field is less than 2. This can lead to arbitrary code execution if the attacker controls the RADIUS server, per the NVD description. Credible referen...
Virtuozzo 7 : freeradius / freeradius-devel / freeradius-doc / etc (VZLSA-2019-1131)
An update for freeradius is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
RHEL 8 : freeradius:3.0 (RHSA-2020:4799)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4799 advisory. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service RADIUS server, designed to allow centralized...
RLSA-2020:4799 Moderate: freeradius:3.0 security and bug fix update
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service RADIUS server, designed to allow centralized authentication and authorization for a network. Security Fixes: freeradius: eap-pwd: DoS issues due to multithreaded BNCTX access CVE-2019-17185 Fo...
CVE-2019-8531
A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An untrusted radius server certificate may be truste...
Input validation
A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An untrusted radius server certificate may be truste...
CVE-2019-8531
A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An untrusted radius server certificate may be truste...
Moderate: Red Hat Security Advisory: freeradius security and bug fix update
An update for freeradius is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
EulerOS 2.0 SP3 : ppp (EulerOS-SA-2020-1426)
According to the versions of the ppp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eaprequest and eapresponse functions.CVE-2020-8597 - Buffer overflo...
Palo Alto Expedition Cross-Site Scripting
Multiple cross-site scripting XSS vulnerability exists in Palo ALto Expedition Migration Tool in versions less than or equal to 1.1.8 due to improper validation of user-supplied input before returning it to users. - An authenticated remote attacker may be able to inject arbitrary JavaScript or HT...
EulerOS 2.0 SP8 : ppp (EulerOS-SA-2019-2298)
According to the version of the ppp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Buffer overflow in the rcmksid function in plugins/radius/util.c in Paul's PPP Package ppp 2.4.6 and earlier, when the PID for pppd is greater than...
EulerOS 2.0 SP5 : ppp (EulerOS-SA-2019-2183)
According to the version of the ppp package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The ppp package contains the PPP Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting...
[SECURITY] Fedora 29 Update: freeradius-3.0.19-3.fc29
The FreeRADIUS Server Project is a high performance and highly configurable GPL'd free RADIUS server. The server is similar in some respects to Livingston's 2.0 server. While FreeRADIUS started as a variant of the Cistron RADIUS server, they don't share a lot in common any more. It now has many...
RHEL 8 : freeradius:3.0 (RHSA-2019:1142)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1142 advisory. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service RADIUS server, designed to allow...
[SECURITY] Fedora 29 Update: hostapd-2.7-2.fc29
hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server. hostapd is designed to be a "daemon" program that runs in the back-ground a nd acts as the backe...
[SECURITY] Fedora 28 Update: freeradius-3.0.19-1.fc28
The FreeRADIUS Server Project is a high performance and highly configurable GPL'd free RADIUS server. The server is similar in some respects to Livingston's 2.0 server. While FreeRADIUS started as a variant of the Cistron RADIUS server, they don't share a lot in common any more. It now has many...
Design/Logic Flaw
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings...
CVE-2019-1571
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings...
CVE-2019-1571
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings...