CVE-2012-2680 – cumin: authentication bypass flaws
https://notcve.org/view.php?id=CVE-2012-2680
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) "web pages," (2) "export functionality," and (3) "image viewing."
• http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=829421
• http://rhn.redhat.com/errata/RHSA-2012-1278.html
• http://rhn.redhat.com/errata/RHSA-2012-1281.html
• http://secunia.com/advisories/50660
• http://www.securityfocus.com/bid/55618
• https://exchange.xforce.ibmcloud.com/vulnerabilities/78770
• https://access.redhat.com/security/cve/CVE-2012-2680
• https://bugzilla.redhat.com/show_bug.cgi?id=829421
CWE-264: Permissions, Privileges, and Access Controls
CVE-2012-2734 – cumin: CSRF flaw
https://notcve.org/view.php?id=CVE-2012-2734
Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors.
• http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832124
• http://rhn.redhat.com/errata/RHSA-2012-1278.html
• http://rhn.redhat.com/errata/RHSA-2012-1281.html
• http://secunia.com/advisories/50660
• http://www.securityfocus.com/bid/55618
• https://exchange.xforce.ibmcloud.com/vulnerabilities/78775
• https://access.redhat.com/security/cve/CVE-2012-2734
• https://bugzilla.redhat.com/show_bug.cgi?id=832124
CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2012-3459 – cumin: allows for editing internal Condor job attributes
https://notcve.org/view.php?id=CVE-2012-3459
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor.
• http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=846501
• http://rhn.redhat.com/errata/RHSA-2012-1278.html
• http://rhn.redhat.com/errata/RHSA-2012-1281.html
• http://secunia.com/advisories/50660
• http://secunia.com/advisories/50666
• http://www.securityfocus.com/bid/55632
• https://access.redhat.com/security/cve/CVE-2012-3459
• https://bugzilla.redhat.com/show_bug.cgi?id=846501
CWE-264: Permissions, Privileges, and Access Controls
CVE-2012-2735 – cumin: session fixation flaw
https://notcve.org/view.php?id=CVE-2012-2735
Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie.
• http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151
• http://rhn.redhat.com/errata/RHSA-2012-1278.html
• http://rhn.redhat.com/errata/RHSA-2012-1281.html
• http://secunia.com/advisories/50660
• http://www.securityfocus.com/bid/55618
• https://exchange.xforce.ibmcloud.com/vulnerabilities/78776
• https://access.redhat.com/security/cve/CVE-2012-2735
• https://bugzilla.redhat.com/show_bug.cgi?id=832151
CWE-384: Session Fixation
CVE-2012-2684 – cumin: SQL injection flaw
https://notcve.org/view.php?id=CVE-2012-2684
Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id.
• http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830245
• http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html
• http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html
• http://rhn.redhat.com/errata/RHSA-2012-1278.html
• http://rhn.redhat.com/errata/RHSA-2012-1281.html
• http://secunia.com/advisories/50660
• http://www.securityfocus.com/bid/55618
• https://access.redhat.com/security/cve/CVE-2012-2684
• https://bugzilla.redhat.com/show_bu
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')