Vulnerabilities > Freeradius > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-17 CVE-2017-10981 Missing Release of Resource after Effective Lifetime vulnerability in Freeradius
An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service.
network
low complexity
freeradius CWE-772
7.5
2017-07-17 CVE-2017-10980 Missing Release of Resource after Effective Lifetime vulnerability in Freeradius
An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service.
network
low complexity
freeradius CWE-772
7.5
2017-07-17 CVE-2017-10978 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.
network
low complexity
freeradius debian redhat CWE-119
7.5
2017-04-05 CVE-2015-4680 Improper Certificate Validation vulnerability in multiple products
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
network
low complexity
freeradius suse CWE-295
7.5
2017-03-27 CVE-2015-8764 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freeradius
Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.
network
high complexity
freeradius CWE-119
8.1
2017-03-27 CVE-2015-8763 Out-of-bounds Read vulnerability in Freeradius
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.
network
high complexity
freeradius CWE-125
8.1