Vulnerabilities > Point TO Point Protocol Project > Point TO Point Protocol > 2.4.1

DATE CVE VULNERABILITY TITLE RISK
2018-06-14 CVE-2018-11574 Integer Overflow or Wraparound vulnerability in multiple products
Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass.
network
low complexity
point-to-point-protocol-project canonical CWE-190
critical
9.8
2015-04-24 CVE-2015-3310 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server.
4.3
2006-07-05 CVE-2006-2194 Local Privilege Escalation vulnerability in PPPD Winbind Plugin
The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges.
local
low complexity
point-to-point-protocol-project
7.2
2004-12-31 CVE-2004-2695 SQL Injection vulnerability in multiple products
SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter.
7.5