160 matches found
CVE-2012-2685
CVE-2012-2685 details (MODE C): In Cumin, components used in Red Hat Enterprise Messaging/Realtime/Grid (MRG) 2.0, versions prior to 0.1.5444 allow remote authenticated users to cause a denial of service by requesting images of a large size, triggering memory consumption on the Cumin server. The ...
CVE-2012-2681
CVE-2012-2681 affects Cumin before 0.1.5444 used in Red Hat Enterprise Messaging/Realtime/Grid (MRG) 2.0. It uses predictable random numbers to generate session keys, making it easier for remote attackers to guess the session key. Connected advisories indicate Red Hat security updates for the Gri...
CVE-2012-3459
CVE-2012-3459 affects Cumin (as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0). The vulnerability arises when remote authenticated users send crafted additional parameters in an HTTP POST, triggering a Condor job attribute change request and potentially enabling privilege esc...
CVE-2012-3459
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor...
CVE-2012-2685
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allows remote authenticated users to cause a denial of service memory consumption via a large size in an image request...
CVE-2012-2735
Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allows remote attackers to hijack web sessions via a crafted session cookie...
CVE-2012-2683
CVE-2012-2683 corresponds to multiple cross-site scripting vulnerabilities in Cumin used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.x. Affected component: Cumin web interface; root cause: XSS in error message displays and in source HTML on certain pages. Impact: remote attackers ...
PT-2012-4224 · Red Hat · Cumin +1
Name of the Vulnerable Software and Affected Versions: Cumin versions prior to 0.1.5444 Red Hat Enterprise Messaging, Realtime, and Grid MRG version 2.0 Description: A session fixation issue allows remote attackers to hijack web sessions via a crafted session cookie. Recommendations: For Cumin...
PT-2012-4223 · Red Hat · Cumin +1
Name of the Vulnerable Software and Affected Versions: Cumin versions prior to 0.1.5444 Red Hat Enterprise Messaging, Realtime, and Grid MRG version 2.0 Description: The issue allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands...
PT-2012-4179 · Red Hat · Cumin +1
Name of the Vulnerable Software and Affected Versions: Cumin versions prior to 0.1.5444 Red Hat Enterprise Messaging, Realtime, and Grid MRG version 2.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to error message displays ...
cumin: allows for editing internal Condor job attributes
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor...
cumin: CSRF flaw
Multiple cross-site request forgery CSRF vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors...
cumin: DoS via large image requests
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allows remote authenticated users to cause a denial of service memory consumption via a large size in an image request...
cumin: SQL injection flaw
Multiple SQL injection vulnerabilities in the getsamplefiltersbysignature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allow remote attackers to execute arbitrary SQL commands via the 1 agent or 2 object id...
cumin: weak session keys
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key...
cumin: session fixation flaw
Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allows remote attackers to hijack web sessions via a crafted session cookie...
cumin: authentication bypass flaws
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to 1 "web pages," 2 "export functionality," and 3 "image viewin...
cumin: multiple XSS flaws
Multiple cross-site scripting XSS vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to 1 "error message displays" or 2 "in source HTML on...
Moderate: Red Hat Security Advisory: Red Hat Enterprise MRG Grid 2.2 security update
Updated Grid component packages that fix several security issues, add various enhancements and fix multiple bugs are now available for Red Hat Enterprise MRG 2 for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common...
cumin: DoS via large image requests
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allows remote authenticated users to cause a denial of service memory consumption via a large size in an image request...