Point-to-point Protocol Project Point-to-point Protocol — known CVE vulnerabilities
Every CVE whose affected-product data names Point-to-point Protocol Project Point-to-point Protocol, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2018-11574 — CVSS 9.8 (critical): Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information…
CVE-2020-8597 — CVSS 9.8 (critical): eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
CVE-2004-2695 — CVSS 7.5 (high): SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows…
CVE-2014-3158 — CVSS 7.5 (high): Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access…
CVE-2006-2194 — CVSS 7.2 (high): The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local…
CVE-2015-3310 — CVSS 4.3 (medium): Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is…