160 matches found
CVE-2012-3460
cumin: At installation postgresql database user created without password...
CVE-2012-3460
CVE-2012-3460 affects cumin; the installation process creates a PostgreSQL database user without a password. This root cause enables potential unauthorized access to the database, contributing to a critical risk profile (CVSS v3.1: CRITICAL, 9.8; CVSS v2: HIGH, 7.5). The vulnerability details ava...
Cross-site Request Forgery (CSRF)
cumin is vulnerable to cross-site request forgery CSRF. The vulnerability exists through the ability to hijack authentication of cumin users...
Cross-site Scripting (XSS)
cumin is vulnerable to cross-site scripting XSS. The vulnerability exists through the Max Allowance field in the Set limit form...
Session Fixation
Cumin is vulnerable to session fixation. An authenticated remote attacker is able to steal the victim's session after they log into Cumin via a crafted session cookie...
User Impersanation
cumin is vulnerable to user impersanation. Users able to authentication directories even when they have weak permissions in condorio/condorauthfs.cpp, allowing malicious users to impersonate users by renaming a user's authentication directory...
Unauthorised Removal Of Idle Jobs
Red Hat Enterprise MRG Messaging, Realtime, and Grid is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. A number of unprotected resources web pages, export functionality,...
Cross-site Request Forgery (CSRF)
cumin is vulnerable to cross-site request forgery CSRF. an attacker is able to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors...
Cross-site Scripting (XSS)
Red Hat Enterprise MRG Messaging, Realtime, and Grid is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. A number of unprotected resources web pages, export functionality,...
Information Leakage
Cumin aka MRG Management Console is vulnerable to information leakage. The vulnerability exists because of the use of weak DES-based hash function to hash password, allowing the attacker to brute-force to get plain text...
Denial Of Service (DoS)
cumin is vulnerable to denial of service DoS attacks. The vulnerability exists as Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service CPU and memory consumption via a crafted Ajax update request...
Information Disclosure
cumin is vulnerable to information disclosure attacks. The vulnerability exists as Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via...
Denial Of Service (DoS)
cumin is vulnerable to denial of service DoS attacks. The vulnerability exists as Cumin aka MRG Management Console, as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service inaccessible page via a non-ASCII character in the name of a li...
Authorization Bypass
cumin is vulnerable to authorization bypass. User roles in the application are not properly enforced, allowing unprivileged user to access restricted resources. This allows a remote authenticated attacker to exploit the vulnerability to obtain confidential information and perform unauthorized...
RHEL 6 : MRG (RHSA-2013:1852)
Updated Grid component packages that fix multiple security issues are now available for Red Hat Enterprise MRG 2.4 for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, whi...
RHEL 5 : Red Hat Enterprise MRG Grid 2.0 (RHSA-2011:1249)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:1249 advisory. - cumin: broker username/password appears in the log file CVE-2011-2925 Note that Nessus has not tested for this issue but has instead relied only on...
RHEL 6 : MRG (RHSA-2014:0440)
Updated Grid component packages that fix two security issues, multiple bugs, and provide several enhancements are now available for Red Hat Enterprise MRG 2.5 for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common...
RHEL 5 : MRG (RHSA-2013:1851)
An updated Grid component package that fixes multiple security issues is now available for Red Hat Enterprise MRG 2.4 for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores,...
RHEL 6 : MRG (RHSA-2014:0858)
An updated cumin package that fixes two security issues is now available for Red Hat Enterprise MRG 2.5 for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...
RHEL 5 : MRG (RHSA-2012:1278)
Updated Grid component packages that fix several security issues, add various enhancements and fix multiple bugs are now available for Red Hat Enterprise MRG 2 for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common...