PT-2013-5004 · Red Hat · Red Hat Enterprise Mrg Grid

Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise MRG Grid version 2.4 Description: A cross-site scripting XSS issue exists in the web interface for cumin, allowing remote attackers to inject arbitrary web script or HTML via the Max allowance field in the "Set limit" form...

cumin: CSRF protection does not work

Multiple cross-site request forgery CSRF vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for unspecified requests...

cumin: weak session keys

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key...

Condor: Multiple format string flaws

Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service condorschedd daemon and failure to launch jobs and possibly execute arbitrary code via...