Vulnerabilities > Uninett
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-22 | CVE-2021-3639 | Open Redirect vulnerability in Uninett MOD Auth Mellon A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. | 6.1 |
| 2021-05-28 | CVE-2021-32642 | Injection vulnerability in multiple products radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. | 9.4 |
| 2017-03-13 | CVE-2017-6807 | Cross-site Scripting vulnerability in Uninett MOD Auth Mellon mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site. | 6.1 |
| 2016-04-15 | CVE-2016-2146 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data. | 7.5 |
| 2016-04-15 | CVE-2016-2145 | Improper Input Validation vulnerability in multiple products The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data. | 7.5 |