13 matches found
RHEL 6 : kernel-rt (RHSA-2012:0010)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0010 advisory. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: A...
Cross-site request forgery (CSRF)
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor...
Design/Logic Flaw
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key...
SQL injection
Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) "error message displays" or (2) "in source HTML on...
Information disclosure
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) "web pages," (2) "export functionality," and (3) "image viewin...
CVE-2012-2735
Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allows remote attackers to hijack web sessions via a crafted session cookie...
CVE-2012-2684
CVE-2012-2684 affects Cumin (the MRG web console) used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0. The vulnerability is a SQL injection in the get_sample_filters_by_signature function, exploitable remotely via the (1) agent or (2) object id, as described in the CVE entry. Root ...
CVE-2012-2734
CVE-2012-2734 affects Cumin in Red Hat MRG Grid/Messaging stack (MRG 2.0). The vulnerability is a Cross-Site Request Forgery that lets an attacker hijack the authenticated user’s session and cause commands to be executed via unspecified vectors. Affected component: Cumin before 0.1.5444. Impact: ...
CVE-2012-2685
CVE-2012-2685 details: Cumin, as used in Red Hat Enterprise Messaging/Realtime/Grid (MRG) 2.0, in versions prior to 0.1.5444 allows remote authenticated users to cause a denial of service by requesting images of a large size, triggering memory consumption on the Cumin server. The ...
CVE-2012-3459
CVE-2012-3459 affects Cumin (as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0). The vulnerability arises when remote authenticated users send crafted additional parameters in an HTTP POST, triggering a Condor job attribute change request and potentially enabling privilege esc...
CVE-2012-2683
CVE-2012-2683 corresponds to multiple cross-site scripting vulnerabilities in Cumin used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.x. Affected component: Cumin web interface; root cause: XSS in error message displays and in source HTML on certain pages. Impact: remote attackers ...
CVE-2011-2925
Cumin in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker...