CVSS: 5.0EPSS: 1%CPEs: 21EXPL: 1CVE-2012-2685 – cumin: DoS via large image requests
https://notcve.org/view.php?id=CVE-2012-2685
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in an image request. Cumin, antes de v0.1.5444, tal y como se utiliza en Red Hat Enterprise Messaging, Realtime, y Grid 2.0 (MRG) permite a usuarios remotos autenticados provocar una denegación de servicio (por consumo de memoria) a través de una solicitud de imagen de gran tamaño. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830248 http://rhn.redhat.com/errata/RHSA-2012-1278.html http://rhn.redhat.com/errata/RHSA-2012-1281.html http://secunia.com/advisories/50660 http://www.securityfocus.com/bid/55618 https://exchange.xforce.ibmcloud.com/vulnerabilities/78774 https://access.redhat.com/security/cve/CVE-2012-2685 https://bugzilla.redhat.com/show_bug.cgi?id=830248 • CWE-399: Resource Management Errors •
CVSS: 5.8EPSS: 1%CPEs: 10EXPL: 1CVE-2012-2681 – cumin: weak session keys
https://notcve.org/view.php?id=CVE-2012-2681
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key. Cumin antes de v0.1.5444, tal y como se utiliza en Red Hat Enterprise Messaging, Realtime y Grid (MRG) v2.0, usa numeros aleatorios predecibles para generar claves de sesión, lo que hace más fácil para los atacantes remotos a la hora de adivinar la clave de sesión. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=827558 http://rhn.redhat.com/errata/RHSA-2012-1278.html http://rhn.redhat.com/errata/RHSA-2012-1281.html http://secunia.com/advisories/50660 http://www.securityfocus.com/bid/55618 https://exchange.xforce.ibmcloud.com/vulnerabilities/78771 https://access.redhat.com/security/cve/CVE-2012-2681 https://bugzilla.redhat.com/show_bug.cgi?id=827558 • CWE-310: Cryptographic Issues •
CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 0CVE-2012-2683 – cumin: multiple XSS flaws
https://notcve.org/view.php?id=CVE-2012-2683
Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) "error message displays" or (2) "in source HTML on certain pages." Multiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en Cumin antes de v0.1.5444, tal y como se utiliza en Red Hat Enterprise Messaging, Realtime, y Grid (MRG) v2.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados relacionados con (1) "los mensajes de error" o (2) "el código fuente HTML de algunas páginas". • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830243 http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html http://rhn.redhat.com/errata/RHSA-2012-1278.html http://rhn.redhat.com/errata/RHSA-2012-1281.html http://secunia.com/advisories/50660 http://www.securityfocus.com/bid/55618 https://exchange.xforce.ibmcloud.com/vulnerabilities/78772 https://access.redhat.com/security/cv • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2012-1575 – cumin: multiple XSS flaws
https://notcve.org/view.php?id=CVE-2012-1575
Multiple cross-site scripting (XSS) vulnerabilities in Cumin before r5238 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) widgets or (2) pages. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Cumin antes de r5238, permite a atacantes remotos inyectar secuencias de comandos web o código HTML de su elección a través de vectores que incluyen (1) widgets o (2) pages. • http://rhn.redhat.com/errata/RHSA-2012-0476.html http://rhn.redhat.com/errata/RHSA-2012-0477.html http://secunia.com/advisories/48810 http://secunia.com/advisories/48829 http://www.securityfocus.com/bid/53000 http://www.securitytracker.com/id?1026921 https://bugzilla.redhat.com/attachment.cgi?id=571986 https://bugzilla.redhat.com/show_bug.cgi?id=805712 https://exchange.xforce.ibmcloud.com/vulnerabilities/74844 https://fedorahosted.org/pipermail/cumin-developers/2012-March/000796.html& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •