CVE-2012-3459 – cumin: allows for editing internal Condor job attributes
https://notcve.org/view.php?id=CVE-2012-3459
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor.
References:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=846501
http://rhn.redhat.com/errata/RHSA-2012-1278.html
http://rhn.redhat.com/errata/RHSA-2012-1281.html
http://secunia.com/advisories/50660
http://secunia.com/advisories/50666
http://www.securityfocus.com/bid/55632
https://access.redhat.com/security/cve/CVE-2012-3459
https://bugzilla.redhat.com/show_bug.cgi?id=846501
Weakness: CWE-264: Permissions, Privileges, and Access Controls
CVE-2012-2735 – cumin: session fixation flaw
https://notcve.org/view.php?id=CVE-2012-2735
Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie.
References:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151
http://rhn.redhat.com/errata/RHSA-2012-1278.html
http://rhn.redhat.com/errata/RHSA-2012-1281.html
http://secunia.com/advisories/50660
http://www.securityfocus.com/bid/55618
https://exchange.xforce.ibmcloud.com/vulnerabilities/78776
https://access.redhat.com/security/cve/CVE-2012-2735
https://bugzilla.redhat.com/show_bug.cgi?id=832151
Weakness: CWE-384: Session Fixation
CVE-2012-2684 – cumin: SQL injection flaw
https://notcve.org/view.php?id=CVE-2012-2684
Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id.
References:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830245
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html
http://rhn.redhat.com/errata/RHSA-2012-1278.html
http://rhn.redhat.com/errata/RHSA-2012-1281.html
http://secunia.com/advisories/50660
http://www.securityfocus.com/bid/55618
https://access.redhat.com/security/cve/CVE-2012-2684
https://bugzilla.redhat.com/show_bu
Weakness: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-2685 – cumin: DoS via large image requests
https://notcve.org/view.php?id=CVE-2012-2685
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in an image request.
References:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830248
http://rhn.redhat.com/errata/RHSA-2012-1278.html
http://rhn.redhat.com/errata/RHSA-2012-1281.html
http://secunia.com/advisories/50660
http://www.securityfocus.com/bid/55618
https://exchange.xforce.ibmcloud.com/vulnerabilities/78774
https://access.redhat.com/security/cve/CVE-2012-2685
https://bugzilla.redhat.com/show_bug.cgi?id=830248
Weakness: CWE-399: Resource Management Errors
CVE-2012-2681 – cumin: weak session keys
https://notcve.org/view.php?id=CVE-2012-2681
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key.
References:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=827558
http://rhn.redhat.com/errata/RHSA-2012-1278.html
http://rhn.redhat.com/errata/RHSA-2012-1281.html
http://secunia.com/advisories/50660
http://www.securityfocus.com/bid/55618
https://exchange.xforce.ibmcloud.com/vulnerabilities/78771
https://access.redhat.com/security/cve/CVE-2012-2681
https://bugzilla.redhat.com/show_bug.cgi?id=827558
Weakness: CWE-310: Cryptographic Issues