Vulnerabilities > Freeradius

DATE CVE VULNERABILITY TITLE RISK
2017-04-05 CVE-2015-4680 Improper Certificate Validation vulnerability in multiple products
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
network
low complexity
freeradius suse CWE-295
7.5
2017-03-27 CVE-2015-8764 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freeradius
Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.
network
high complexity
freeradius CWE-119
8.1
2017-03-27 CVE-2015-8763 Out-of-bounds Read vulnerability in Freeradius
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.
network
high complexity
freeradius CWE-125
8.1
2017-03-27 CVE-2015-8762 NULL Pointer Dereference vulnerability in Freeradius
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet.
network
high complexity
freeradius CWE-476
5.9