CVE-2012-2685 – cumin: DoS via large image requests
https://notcve.org/view.php?id=CVE-2012-2685
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in an image request. Cumin, antes de v0.1.5444, tal y como se utiliza en Red Hat Enterprise Messaging, Realtime, y Grid 2.0 (MRG) permite a usuarios remotos autenticados provocar una denegación de servicio (por consumo de memoria) a través de una solicitud de imagen de gran tamaño. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830248 http://rhn.redhat.com/errata/RHSA-2012-1278.html http://rhn.redhat.com/errata/RHSA-2012-1281.html http://secunia.com/advisories/50660 http://www.securityfocus.com/bid/55618 https://exchange.xforce.ibmcloud.com/vulnerabilities/78774 https://access.redhat.com/security/cve/CVE-2012-2685 https://bugzilla.redhat.com/show_bug.cgi?id=830248 • CWE-399: Resource Management Errors •
CVE-2012-2681 – cumin: weak session keys
https://notcve.org/view.php?id=CVE-2012-2681
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key. Cumin antes de v0.1.5444, tal y como se utiliza en Red Hat Enterprise Messaging, Realtime y Grid (MRG) v2.0, usa numeros aleatorios predecibles para generar claves de sesión, lo que hace más fácil para los atacantes remotos a la hora de adivinar la clave de sesión. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=827558 http://rhn.redhat.com/errata/RHSA-2012-1278.html http://rhn.redhat.com/errata/RHSA-2012-1281.html http://secunia.com/advisories/50660 http://www.securityfocus.com/bid/55618 https://exchange.xforce.ibmcloud.com/vulnerabilities/78771 https://access.redhat.com/security/cve/CVE-2012-2681 https://bugzilla.redhat.com/show_bug.cgi?id=827558 • CWE-310: Cryptographic Issues •
CVE-2012-2683 – cumin: multiple XSS flaws
https://notcve.org/view.php?id=CVE-2012-2683
Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) "error message displays" or (2) "in source HTML on certain pages." Multiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en Cumin antes de v0.1.5444, tal y como se utiliza en Red Hat Enterprise Messaging, Realtime, y Grid (MRG) v2.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados relacionados con (1) "los mensajes de error" o (2) "el código fuente HTML de algunas páginas". • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830243 http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html http://rhn.redhat.com/errata/RHSA-2012-1278.html http://rhn.redhat.com/errata/RHSA-2012-1281.html http://secunia.com/advisories/50660 http://www.securityfocus.com/bid/55618 https://exchange.xforce.ibmcloud.com/vulnerabilities/78772 https://access.redhat.com/security/cv • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-1097 – kernel: regset: Prevent null pointer reference on readonly regsets
https://notcve.org/view.php?id=CVE-2012-1097
The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call. El funcionalidad regset (también conocido como conjunto de registros) en el kernel de Linux antes de v3.2.10 no controla correctamente la ausencia de métodos ."set" y ".get", lo que permite a usuarios locales causar una denegación de servicio (desreferencia de puntero nulo) o, posiblemente, tener un impacto no especificado a través de (1) un PTRACE_GETREGSET o (2) una llamada ptrace PTRACE_SETREGSET. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c8e252586f8d5de906385d8cf6385fee289a825e http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html http://rhn.redhat.com/errata/RHSA-2012-0481.html http://rhn.redhat.com/errata/RHSA-2012-0531.html http://secunia.com/advisories/48842 http://secunia.com/advisories/48898 http://secunia.com/advisories/48964 http://www.k • CWE-476: NULL Pointer Dereference •
CVE-2012-1090 – kernel: cifs: dentry refcount leak when opening a FIFO on lookup leads to panic on unmount
https://notcve.org/view.php?id=CVE-2012-1090
The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO. La función cifs_lookup en fs/cifs/dir.c en el núcleo de Linux anteriores a v3.2.10 permite a usuarios locales causar una denegación de servicio (OOPS) a través de intentos de acceso a un archivo especial, como lo demuestra un FIFO. • http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html http://rhn.redhat.com/errata/RHSA-2012-0481.html http://rhn.redhat.com/errata/RHSA-2012-0531.html http://secunia.com/advisories/48842 http://secunia.com/advisories/48964 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10 http://www.openwall.com/lists/oss-security/2012/02/28/4 https://bugzilla.redhat.com/show • CWE-20: Improper Input Validation •