Point To Point Protocol Project

point-to-point_protocol_project

6 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Point To Point Protocol

point-to-point_protocol

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-8597 4Canonical DebianPoint To Point Protocol Project+1 more 4Debian Linux Pfc FirmwarePoint To Point Protocol+1 more Dec 3, 2025 Feb 3, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
CVE-2018-11574 2Canonical Point To Point Protocol Project 2Point To Point Protocol Ubuntu Linux Dec 3, 2025 Jun 14, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patc...Show more Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files. Configurations that use the `refuse-app` option are unaffected.Show less
CVE-2015-3310 3Canonical DebianPoint To Point Protocol Project 3Debian Linux Point To Point ProtocolUbuntu Linux May 6, 2026 Apr 24, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) v...Show more Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server.Show less
CVE-2014-3158 1Point To Point Protocol Project 1Point To Point Protocol May 6, 2026 Nov 15, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffe...Show more Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "[corrupts] security-relevant variables."Show less
CVE-2006-2194 1Point To Point Protocol Project 1Point To Point Protocol Apr 16, 2026 Jul 5, 2006 N/A· v4 N/A· v3 7.2 HIGH· v2 The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits...Show more The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges.Show less
CVE-2004-2695 2Jelsoft Point To Point Protocol Project 2Point To Point Protocol Vbulletin Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parame...Show more SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267.Show less