
CVE-2013-4404 – cumin: missing authorization checks in forms, charts, and csv export widgets
https://notcve.org/view.php?id=CVE-2013-4404
18 Dec 2013 — cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote authenticated users to bypass intended role restrictions and obtain sensitive information or perform privileged operations via unspecified vectors. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=995038 • CWE-264: Permissions, Privileges, and Access Controls •
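The title of this entry names the pattern: the forms, charts and CSV export widgets could be reached by users whose role should not have allowed it. The following is an added illustration written for this page, not cumin's code; the handler names, roles, widget paths and sample export are hypothetical. It contrasts a role check that only hides the menu link with one attached to the widget handler itself, which is the only place a check actually binds a request to a role.

```python
"""Added illustration for CVE-2013-4404 (not cumin's code).

Role enforcement that lives only in the navigation layer (hiding the link)
does not protect the widget behind it: a user who knows or guesses the URL
can request the form, chart or CSV export directly. The handlers, roles and
widget paths below are hypothetical; the point is that every handler must
enforce the role itself.
"""
import functools
from dataclasses import dataclass, field
from typing import Callable, Dict, Set

ROLE_ADMIN = "admin"
ROLE_USER = "user"


@dataclass
class User:
    name: str
    roles: Set[str] = field(default_factory=set)


@dataclass
class Request:
    user: User
    path: str


Handler = Callable[[Request], str]


class Forbidden(Exception):
    pass


def menu(user: User) -> Dict[str, str]:
    """Navigation shown to the user; admin-only entries are simply hidden."""
    items = {"Jobs": "/chart/jobs"}
    if ROLE_ADMIN in user.roles:
        items["Export CSV"] = "/csv/jobs"
    return items


# Vulnerable: the export widget trusts that only admins ever reach it.
def csv_export_vulnerable(req: Request) -> str:
    return "job,owner,cpus\n1,alice,4\n2,bob,8\n"   # constructed sample export


# Hardened: the role check is attached to the handler, not to the menu.
def requires_role(role: str) -> Callable[[Handler], Handler]:
    def decorator(handler: Handler) -> Handler:
        @functools.wraps(handler)
        def wrapped(req: Request) -> str:
            if role not in req.user.roles:
                raise Forbidden(f"{req.user.name} lacks role {role!r} for {req.path}")
            return handler(req)
        return wrapped
    return decorator


@requires_role(ROLE_ADMIN)
def csv_export_hardened(req: Request) -> str:
    return csv_export_vulnerable(req)   # same body, now gated


VULNERABLE_ROUTES: Dict[str, Handler] = {"/csv/jobs": csv_export_vulnerable}
HARDENED_ROUTES: Dict[str, Handler] = {"/csv/jobs": csv_export_hardened}


def fetch_export(routes: Dict[str, Handler], user: User) -> bool:
    """True if `user` obtains the CSV by requesting the widget URL directly,
    regardless of what the menu showed them."""
    try:
        return routes["/csv/jobs"](Request(user, "/csv/jobs")).startswith("job,")
    except Forbidden:
        return False


if __name__ == "__main__":
    mallory = User("mallory", {ROLE_USER})
    print("menu offers export:", "Export CSV" in menu(mallory))
    print("direct fetch, vulnerable:", fetch_export(VULNERABLE_ROUTES, mallory))
    print("direct fetch, hardened:", fetch_export(HARDENED_ROUTES, mallory))
```

The check to run against a real deployment is the same as `fetch_export`: log in as a low-privilege user, then request each widget URL directly (form submission endpoints included) and confirm the server, not the menu, answers with a denial.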

CVE-2013-4405 – cumin: CSRF protection does not work
https://notcve.org/view.php?id=CVE-2013-4405
18 Dec 2013 — Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for unspecified requests. Red Hat Enterprise MRG is a next-generation IT infrastructure fo... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=998561 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2013-4414 – cumin: non-persistent XSS possible due to not escaping set limit form input
https://notcve.org/view.php?id=CVE-2013-4414
18 Dec 2013 — Cross-site scripting (XSS) vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to inject arbitrary web script or HTML via the "Max allowance" field in the "Set limit" form. Red Hat Enterprise MRG is a next-generation IT in... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=998606 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
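CVE-2013-4405 (CSRF protection not working) and CVE-2013-4414 (unescaped "Max allowance" in the "Set limit" form) concern the same kind of code path: a form post handled by the web interface. The block below is an added illustration written for this page, not cumin's code. It models a hypothetical "Set limit" handler twice: once with the two weaknesses (any POST that carries the session cookie is accepted, and the field is echoed raw) and once hardened (a per-session CSRF token checked in constant time, the field validated as an integer, and anything reflected HTML-escaped). The session store, field names and page fragments are constructed stand-ins.

```python
"""Added illustration for CVE-2013-4405 and CVE-2013-4414 (not cumin's code).

Hypothetical "Set limit" form handler showing the two weaknesses and their
fixes side by side. Session store, field names and markup are constructed.
"""
import hmac
import html
import secrets
from typing import Dict, Optional, Tuple

# In-memory session store (constructed): session id -> session data.
SESSIONS: Dict[str, Dict[str, str]] = {}


def new_session() -> str:
    """Creates a session and mints its CSRF token (random, unguessable)."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid


def csrf_valid(sid: str, submitted: Optional[str]) -> bool:
    """Constant-time comparison of the submitted token with the session's own."""
    expected = SESSIONS.get(sid, {}).get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def set_limit_vulnerable(sid: str, form: Dict[str, str]) -> Tuple[int, str]:
    """No CSRF check and a raw echo: a cross-site form post carrying
    max_allowance=<script>...</script> is accepted and rendered as markup."""
    value = form.get("max_allowance", "")
    return 200, f"<p>Max allowance set to {value}</p>"


def set_limit_hardened(sid: str, form: Dict[str, str]) -> Tuple[int, str]:
    """Token check first, then strict validation, then escaped output."""
    if not csrf_valid(sid, form.get("csrf_token")):
        return 403, "<p>Request rejected: missing or invalid CSRF token</p>"
    raw = form.get("max_allowance", "")
    try:
        limit = int(raw)
        if limit < 0:
            raise ValueError
    except ValueError:
        # Reject, and escape the offending input before reflecting it.
        return 400, f"<p>Invalid Max allowance: {html.escape(raw, quote=True)}</p>"
    return 200, f"<p>Max allowance set to {limit}</p>"


if __name__ == "__main__":
    sid = new_session()
    tok = SESSIONS[sid]["csrf_token"]
    payload = "<script>alert(1)</script>"
    print(set_limit_vulnerable(sid, {"max_allowance": payload}))
    print(set_limit_hardened(sid, {"max_allowance": payload}))                       # 403: no token
    print(set_limit_hardened(sid, {"max_allowance": payload, "csrf_token": tok}))     # 400: escaped
    print(set_limit_hardened(sid, {"max_allowance": "100", "csrf_token": tok}))       # 200
```

Two design notes. The token is bound to the session and compared with `hmac.compare_digest`, so an attacker's page cannot forge or time it out of the server; the token must also be rendered into the form, which is why escaping still matters even on the "safe" path. Validating the field as an integer removes the XSS for the success case, but the error path reflects the input and is exactly where escaping is forgotten, so escape there too.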

CVE-2013-4461 – cumin: filtering table operator not checked, leads to potential SQLi
https://notcve.org/view.php?id=CVE-2013-4461
18 Dec 2013 — SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator." Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise co... • http://rhn.redhat.com/errata/RHSA-2013-1851.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
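The interesting part of this entry is the word "operator". A comparison operator is SQL syntax, not data, so it cannot be bound as a parameter; if it comes from the request it has to be checked against a fixed allow-list before it is spliced into the statement. The block below is an added illustration written for this page, not cumin's code: the schema, sample rows, the `secrets` table and the payload are constructed. It shows that parameterizing the value alone does not help when the operator is interpolated unchecked, and what the allow-listed version looks like.

```python
"""Added illustration for CVE-2013-4461 (not cumin's code).

A table filter takes a column, an operator and a value from the request.
The value can be bound as a parameter; the operator cannot, so it must be
validated against an allow-list. Schema, rows and payload are constructed.
"""
import sqlite3
from typing import List, Tuple

ALLOWED_COLUMNS = {"owner", "cpus", "status"}
ALLOWED_OPERATORS = {"=", "!=", "<", "<=", ">", ">=", "LIKE"}

# Constructed payload. It keeps the statement's single '?' placeholder in a
# valid position, so the bound value is consumed and the query still runs.
EVIL_OPERATOR = (">= 0 OR 1=1 UNION SELECT token, NULL, NULL, NULL "
                 "FROM secrets WHERE token !=")


def make_db() -> sqlite3.Connection:
    """In-memory database with a jobs table and a table the filter must never expose."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE jobs (id INTEGER PRIMARY KEY, owner TEXT, cpus INTEGER, status TEXT)")
    conn.execute("CREATE TABLE secrets (token TEXT)")
    conn.executemany("INSERT INTO jobs (owner, cpus, status) VALUES (?, ?, ?)",
                     [("alice", 4, "running"), ("bob", 8, "idle"), ("carol", 2, "running")])
    conn.execute("INSERT INTO secrets VALUES ('constructed-admin-token')")
    return conn


def filter_vulnerable(conn: sqlite3.Connection, column: str, operator: str, value) -> List[Tuple]:
    """Operator (and column) interpolated unchecked; only the value is bound."""
    sql = f"SELECT id, owner, cpus, status FROM jobs WHERE {column} {operator} ?"
    return conn.execute(sql, (value,)).fetchall()


def filter_hardened(conn: sqlite3.Connection, column: str, operator: str, value) -> List[Tuple]:
    """Column and operator must come from fixed allow-lists; value stays bound."""
    if column not in ALLOWED_COLUMNS:
        raise ValueError(f"unknown column {column!r}")
    op = operator.strip().upper()
    if op not in ALLOWED_OPERATORS:
        raise ValueError(f"unsupported operator {operator!r}")
    sql = f"SELECT id, owner, cpus, status FROM jobs WHERE {column} {op} ?"
    return conn.execute(sql, (value,)).fetchall()


def leaks_secret(rows: List[Tuple]) -> bool:
    """True if the constructed secret token appears in a result set."""
    return any(row[0] == "constructed-admin-token" for row in rows)


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, evil operator leaks secret:",
          leaks_secret(filter_vulnerable(conn, "cpus", EVIL_OPERATOR, "")))
    print("hardened, normal filter:", filter_hardened(conn, "cpus", ">=", 4))
    try:
        filter_hardened(conn, "cpus", EVIL_OPERATOR, "")
    except ValueError as exc:
        print("hardened, evil operator rejected:", exc)
```

Mapping the request's operator to a server-side constant (for example a dictionary from a short symbolic name to the SQL token) is the same idea with one fewer string to get wrong; normalising with `strip().upper()` before the lookup is only there so that `like` and `LIKE` are treated alike.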

CVE-2013-4345 – kernel: ansi_cprng: off by one error in non-block size request
https://notcve.org/view.php?id=CVE-2013-4345
10 Oct 2013 — Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. • http://marc.info/?l=linux-crypto-vger&m=137942122902845&w=2 • CWE-189: Numeric Errors CWE-193: Off-by-one Error •
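The description is terse, so here is what "improper management of the state of the consumed data" means in practice. `get_prng_bytes()` keeps a block of generated output in `rand_data` and an index `rand_data_valid` of how much of it has already been handed out; requests smaller than a block are served from that buffer. The block below is a Python model written for this page, not the kernel code, with a counter standing in for the X9.31 AES step. The shape of the two loops follows the upstream fix as I recall it (a `for` loop that advanced `rand_data_valid` in its header, so the `goto done` taken on the last requested byte skipped the increment; the fix increments before that exit check); treat that detail as an assumption and confirm it against crypto/ansi_cprng.c. The effect is what matters: with the vulnerable loop, the last byte of one small request is handed out again as the first byte of the next.

```python
"""Added Python model of the CVE-2013-4345 remainder-copy bug (not kernel code).

rand_data / rand_data_valid mirror the fields in crypto/ansi_cprng.c; the
block generator is a counter stand-in so that reused bytes are visible.
The model serves every request from the remainder loop; the real driver has a
separate whole-block path, which is not needed to show the off-by-one.
"""
BLOCK_SIZE = 16


class PrngCtx:
    def __init__(self):
        self.rand_data = bytearray(BLOCK_SIZE)
        self.rand_data_valid = BLOCK_SIZE   # buffer empty: first request refills
        self.counter = 0                    # stand-in for the cipher state

    def refill(self):
        # 16 distinct bytes per block (distinct across 16 blocks), constructed.
        self.rand_data = bytearray((self.counter * BLOCK_SIZE + i) & 0xFF
                                   for i in range(BLOCK_SIZE))
        self.counter += 1
        self.rand_data_valid = 0


def get_bytes_vulnerable(ctx: PrngCtx, byte_count: int) -> bytes:
    """Models: for (; rand_data_valid < BLOCK_SIZE; rand_data_valid++) {
           copy byte; byte_count--; if (byte_count == 0) goto done; }
    The early exit runs before the loop header's increment."""
    out = bytearray()
    while byte_count > 0:
        if ctx.rand_data_valid == BLOCK_SIZE:
            ctx.refill()
        while ctx.rand_data_valid < BLOCK_SIZE:
            out.append(ctx.rand_data[ctx.rand_data_valid])
            byte_count -= 1
            if byte_count == 0:
                return bytes(out)       # "goto done": last byte never marked consumed
            ctx.rand_data_valid += 1
    return bytes(out)


def get_bytes_fixed(ctx: PrngCtx, byte_count: int) -> bytes:
    """Same loop, but rand_data_valid is advanced before the exit check."""
    out = bytearray()
    while byte_count > 0:
        if ctx.rand_data_valid == BLOCK_SIZE:
            ctx.refill()
        while ctx.rand_data_valid < BLOCK_SIZE:
            out.append(ctx.rand_data[ctx.rand_data_valid])
            byte_count -= 1
            ctx.rand_data_valid += 1    # consumed, whether or not we exit now
            if byte_count == 0:
                return bytes(out)
    return bytes(out)


def repeated_bytes(get_bytes, requests) -> list:
    """Issues the given sequence of small requests on a fresh context and
    returns every byte handed out more than once, in order of reuse.
    Meaningful for fewer than 256 bytes total (the counter stand-in wraps)."""
    ctx = PrngCtx()
    seen, dups = set(), []
    for n in requests:
        for b in get_bytes(ctx, n):
            if b in seen:
                dups.append(b)
            seen.add(b)
    return dups


def consumed_after(get_bytes, byte_count: int) -> int:
    """rand_data_valid after one request on a fresh context."""
    ctx = PrngCtx()
    get_bytes(ctx, byte_count)
    return ctx.rand_data_valid


if __name__ == "__main__":
    print("vulnerable, three 3-byte requests, reused bytes:", repeated_bytes(get_bytes_vulnerable, [3, 3, 3]))
    print("fixed, same requests, reused bytes:", repeated_bytes(get_bytes_fixed, [3, 3, 3]))
    print("consumed after one 4-byte request: vulnerable =", consumed_after(get_bytes_vulnerable, 4),
          "fixed =", consumed_after(get_bytes_fixed, 4))
```

Each sub-block request therefore repeats one byte of the previous one, which is why the advisory singles out "multiple requests for small amounts of data": a consumer that pulls a few bytes at a time gets output with a known, repeated byte at every boundary, and a test that only ever asks for whole blocks never sees it.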

CVE-2013-4284 – cumin: Denial of service due to improper handling of certain Ajax requests
https://notcve.org/view.php?id=CVE-2013-4284
01 Oct 2013 — Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted Ajax update request. Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interopera... • http://rhn.redhat.com/errata/RHSA-2013-1294.html • CWE-399: Resource Management Errors •