CVE-2009-3111

The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967.

Publication date: Wed, 09 Sep 2009 23:30:00 +0000

Cyber News related to CVE-2009-3111

CVE-2009-4481 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3111. Reason: This candidate is a duplicate of CVE-2009-3111. Notes: All CVE users should reference CVE-2009-3111 instead of this candidate. All references and descriptions in ...
55 years ago Tenable.com

CVE-2009-3403 - Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes ...
12 years ago

CVE-2010-0079 - Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps ...
12 years ago

CVE-2009-3239 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of ...
55 years ago Tenable.com

CVE-2009-4212 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly ...
5 years ago

CVE-2009-3111 - The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. ...
7 years ago

CVE-2012-1762 - Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity, related to TECH, a different vulnerability than CVE-2012-3111. ...
7 years ago

CVE-2012-3111 - Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity, related to TECH, a different vulnerability than CVE-2012-1762. ...
7 years ago

CVE-2013-3111 - Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different ...
6 years ago

CVE-2013-3123 - Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different ...
6 years ago

CVE-2010-3111 - Google Chrome before 6.0.472.53 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors, a different vulnerability than CVE-2010-2897. ...
4 years ago

CVE-2015-3111 - Heap-based buffer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors. ...
8 years ago

CVE-2005-3111 - The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack. ...
7 years ago

CVE-2006-3111 - Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 allow remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by (1) anfang, (2) name, (3) mail, (4) anrede, (5) vorname, (6) nachname, (7) ...
7 years ago

CVE-2011-3111 - Google V8, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service (invalid read operation) via unspecified vectors. ...
7 years ago

CVE-2017-3111 - An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances. ...
7 years ago

CVE-2014-3111 - Multiple cross-site scripting (XSS) vulnerabilities in FOG 0.27 through 0.32 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Printer Model field to the Printer Management page, (2) Image Name field to the Image ...
6 years ago

CVE-2008-3111 - Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as ...
6 years ago

CVE-2020-3111 - A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due ...
4 years ago

CVE-2018-3111 - Vulnerability in the Oracle Retail Xstore Office component of Oracle Retail Applications (subcomponent: Internal Operations). The supported version that is affected is 7.1. Easily exploitable vulnerability allows unauthenticated attacker with network ...
4 years ago

CVE-2021-3111 - The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI. ...
3 years ago

CVE-2007-3111 - Buffer overflow in the Provideo Camimage ActiveX control in ISSCamControl.dll 1.0.1.5, when Internet Explorer 6 is used on Windows 2000 SP4, allows remote attackers to execute arbitrary code via a long URL property value. ...
1 year ago

CVE-2022-3111 - An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger(). ...
2 years ago

CVE-2016-3111 - pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow ...
1 year ago

CVE-2023-3111 - A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). ...
1 year ago

Latest Cyber News

CVE-2025-0974 - 10 hours ago
CVE-2025-0973 - 11 hours ago
CVE-2025-0972 - 12 hours ago
CVE-2025-0971 - 12 hours ago
CVE-2025-0970 - 13 hours ago
CVE-2025-0967 - 20 hours ago
CVE-2025-0961 - 1 day ago
CVE-2025-0950 - 1 day ago
CVE-2025-0949 - 1 day ago
CVE-2025-0948 - 1 day ago
CVE-2025-0947 - 1 day ago
CVE-2025-0946 - 1 day ago
CVE-2025-0945 - 1 day ago
CVE-2025-0944 - 1 day ago
CVE-2024-13775 - 1 day ago
CVE-2024-13612 - 1 day ago
CVE-2025-0943 - 2 days ago
CVE-2024-13429 - 2 days ago
CVE-2024-13372 - 2 days ago
CVE-2024-13425 - 2 days ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2025-0967 - 20 hours ago
CVE-2025-0970 - 13 hours ago
CVE-2025-0971 - 12 hours ago
CVE-2025-0972 - 12 hours ago
CVE-2025-0973 - 11 hours ago
CVE-2025-0974 - 10 hours ago
CVE-2024-11780 - 2 days ago
CVE-2024-12171 - 2 days ago
CVE-2024-12184 - 2 days ago
CVE-2024-12620 - 2 days ago
CVE-2024-13343 - 2 days ago
CVE-2024-13547 - 2 days ago
CVE-2024-13651 - 2 days ago
CVE-2024-51534 - 2 days ago
CVE-2024-53296 - 2 days ago
CVE-2024-53295 - 2 days ago
CVE-2024-12041 - 2 days ago
CVE-2024-12768 - 2 days ago
CVE-2024-13096 - 2 days ago
CVE-2024-13097 - 2 days ago