CVE-2021-3639 affecting package mod_auth_mellon for versions less than 0.16.0-4

CVE-2021-3639 affecting package modauthmellon for versions less than 0.16.0-4. A patched version of the package is available...

MiracleLinux 8 : mod_auth_mellon-0.14.0-11.el8 (AXSA:2020-330:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-330:02 advisory. modauthmellon: Open Redirect via the login?ReturnTo= substring which could facilitate information theft CVE-2019-13038 Tenable has extracted the preceding...

MiracleLinux 7 : mod_auth_mellon-0.14.0-2.el7.4 (AXSA:2019-3863:02)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3863:02 advisory. modauthmellon: authentication bypass in ECP flow CVE-2019-3878 modauthmellon: open redirect in logout url when using URLs with backslashes...

MiracleLinux 4 : httpd24-httpd-2.4.34-7.AXS4.1 (AXSA:2019-3830:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3830:01 advisory. httpd: privilege escalation from modules scripts CVE-2019-0211 modauthmellon: authentication bypass in ECP flow CVE-2019-3878 Tenable has extracted...

EUVD-2014-8404

Malware in sbrugna...

EUVD-2019-13488

Malware in sbrugna...

EUVD-2019-4603

Malware in sbrugna...

EUVD-2016-3247

Malware in sbrugna...

EUVD-2017-15861

Malware in sbrugna...

EUVD-2016-3246

Malware in sbrugna...

EUVD-2019-13489

Malware in sbrugna...

EUVD-2021-26939

Malware in sbrugna...

EUVD-2014-8403

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2021-3639

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by...

Linux Distros Unpatched Vulnerability : CVE-2019-13038

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - modauthmellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL...

Linux Distros Unpatched Vulnerability : CVE-2016-2145

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The amreadpostdata function in modauthmellon before 0.11.1 does not check if the apgetclientblock function returns an error, which allows remote attackers to...

TencentOS Server 3: mod_auth_mellon (TSSA-2022:0100)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0100 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Alibaba Cloud Linux 3 : 0100: mod_auth_mellon (ALINUX3-SA-2022:0100)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0100 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-3877: A vulnerability was found i...

Alibaba Cloud Linux 3 : 0149: mod_auth_mellon (ALINUX3-SA-2023:0149)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0149 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-3639: A flaw was found in modauthmellon...

Linux Distros Unpatched Vulnerability : CVE-2019-3877

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that ...