Lucene search
K

79 matches found

Amazon
Amazon
added 2023/03/07 12:0 a.m.27 views

Medium: freeradius

Issue Overview: When an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...

7.5CVSS7.8AI score0.01171EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/03/07 12:0 a.m.35 views

Amazon Linux AMI : freeradius (ALAS-2023-1699)

The version of freeradius installed on the remote host is prior to 2.2.6-7.17. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1699 advisory. When an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionarie...

7.5CVSS7.4AI score0.01171EPSS
Exploits0References4
Amazon
Amazon
added 2023/03/06 12:0 a.m.31 views

Medium: freeradius

Issue Overview: The EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. CVE-2022-41859 When an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that optio...

7.5CVSS7.2AI score0.01171EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/02/24 12:0 a.m.28 views

Debian dla-3342 : freeradius - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3342 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3342-1 [email protected]...

7.5CVSS7AI score0.01171EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2023/02/09 12:0 a.m.22 views

Huawei EulerOS: Security Advisory for freeradius (EulerOS-SA-2023-1312)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.2AI score0.01171EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/02/08 12:0 a.m.25 views

EulerOS 2.0 SP8 : freeradius (EulerOS-SA-2023-1312)

According to the versions of the freeradius package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionarie...

7.5CVSS6.7AI score0.01171EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/01/26 12:0 a.m.29 views

SUSE SLES12: freeradius-server / freeradius-server-doc / freeradius-server-krb5 / etc (SUSE-SU-2023:0135-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0135-1 advisory. - CVE-2022-41859: Fixed an issue in EAP-PWD that could leak information about the password, which could facilitate dictionary attacks bsc120620...

7.5CVSS6.9AI score0.01171EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2023/01/24 12:0 a.m.19 views

SUSE SLES12: freeradius-server / freeradius-server-doc / freeradius-server-krb5 / etc (SUSE-SU-2023:0124-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0124-1 advisory. - CVE-2022-41859: Fixed an issue in EAP-PWD that could leak information about the password, which could facilitate dictionary attac...

7.5CVSS6.9AI score0.01171EPSS
Exploits0References10
NVD
NVD
added 2023/01/17 6:15 p.m.16 views

CVE-2022-41860

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...

7.5CVSS7.5AI score0.01171EPSS
Exploits0References3
OSV
OSV
added 2023/01/17 6:15 p.m.12 views

AZL-13062 CVE-2022-41860 affecting package freeradius for versions less than 3.2.3-1

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...

7.5CVSS5.7AI score0.01171EPSS
Exploits0References1
Prion
Prion
added 2023/01/17 6:15 p.m.27 views

Null pointer dereference

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...

5CVSS7.3AI score0.01171EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/01/17 12:0 a.m.21 views

CVE-2022-41860

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...

7.6AI score0.01171EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2023/01/17 12:0 a.m.37 views

CVE-2022-41860

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...

7.5CVSS7.5AI score0.01171EPSS
Exploits0
CVE
CVE
added 2023/01/17 12:0 a.m.129 views

CVE-2022-41860

CVE-2022-41860 affects FreeRADIUS: when an EAP-SIM supplicant sends an unknown SIM option, the server looks it up in internal dictionaries, fails, but the SIM code dereferences a NULL pointer, crashing the server. Connected advisories confirm fixes in multiple distributions; Debian LTS/DLA adviso...

7.5CVSS7.3AI score0.01171EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/01/17 12:0 a.m.22 views

CVE-2022-41860

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...

7.5CVSS6.9AI score0.01171EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2023/01/17 12:0 a.m.27 views

CVE-2022-41860

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...

7.5CVSS7.5AI score0.01171EPSS
Exploits0
Ubuntu
Ubuntu
added 2023/01/04 10:53 a.m.94 views

USN-5785-1: FreeRADIUS vulnerabilities

It was discovered that FreeRADIUS incorrectly handled multiple EAP-pwd handshakes. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. CVE-2019-17185 Shane Guan discovered that FreeRADIUS incorrectly handled memory when checking unkno...

7.5CVSS6.8AI score0.02168EPSS
Exploits0
OSV
OSV
added 2023/01/04 10:53 a.m.11 views

USN-5785-1 freeradius vulnerabilities

It was discovered that FreeRADIUS incorrectly handled multiple EAP-pwd handshakes. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. CVE-2019-17185 Shane Guan discovered that FreeRADIUS incorrectly handled memory when checking unkno...

7.5CVSS7.3AI score0.02168EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/01/04 12:0 a.m.43 views

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : FreeRADIUS vulnerabilities (USN-5785-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5785-1 advisory. It was discovered that FreeRADIUS incorrectly handled multiple EAP-pwd handshakes. An attacker could possibly use thi...

7.5CVSS6.9AI score0.02168EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2023/01/02 12:0 a.m.18 views

Mageia: Security Advisory (MGASA-2022-0482)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.2AI score0.01171EPSS
Exploits0References5
Rows per page
Query Builder