Vulnerabilities > Uninett

DATE CVE VULNERABILITY TITLE RISK
2022-08-22 CVE-2021-3639 Open Redirect vulnerability in Uninett MOD Auth Mellon
A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly.
network
low complexity
uninett CWE-601
6.1
2021-05-28 CVE-2021-32642 Injection vulnerability in multiple products
radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports.
network
low complexity
uninett fedoraproject CWE-74
critical
9.4
2017-03-13 CVE-2017-6807 Cross-site Scripting vulnerability in Uninett MOD Auth Mellon
mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site.
network
low complexity
uninett CWE-79
6.1
2016-04-15 CVE-2016-2146 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data.
network
low complexity
fedoraproject uninett CWE-119
7.5
2016-04-15 CVE-2016-2145 Improper Input Validation vulnerability in multiple products
The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data.
network
low complexity
fedoraproject uninett CWE-20
7.5