CVSS: 8.1EPSS: 0%CPEs: 21EXPL: 0CVE-2012-3459 – cumin: allows for editing internal Condor job attributes
https://notcve.org/view.php?id=CVE-2012-3459
28 Sep 2012 — Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor. Cumin, antes de v0.1.5444, tal y como se usa en Red Hat Enterprise Messaging, Realtime y Grid (MRG) v2.0 permite a usuarios remotos autenticados modificar los atributos Condor y posiblemente obtener privilegios ... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=846501 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 1CVE-2012-2680 – cumin: authentication bypass flaws
https://notcve.org/view.php?id=CVE-2012-2680
28 Sep 2012 — Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) "web pages," (2) "export functionality," and (3) "image viewing." Cumin, antes de v0.1.5444, tal y como lo utiliza Red Hat Enterprise Messaging, Realtime, y Grid (MRG) v2.0 no restringe adecuadamente el acceso a los recursos, lo que permite a atacantes remotos obtener ... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=829421 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 10EXPL: 1CVE-2012-2681 – cumin: weak session keys
https://notcve.org/view.php?id=CVE-2012-2681
28 Sep 2012 — Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key. Cumin antes de v0.1.5444, tal y como se utiliza en Red Hat Enterprise Messaging, Realtime y Grid (MRG) v2.0, usa numeros aleatorios predecibles para generar claves de sesión, lo que hace más fácil para los atacantes remotos a la hora de adivinar la clave de sesión. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=827558 • CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 21EXPL: 0CVE-2012-2683 – cumin: multiple XSS flaws
https://notcve.org/view.php?id=CVE-2012-2683
28 Sep 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) "error message displays" or (2) "in source HTML on certain pages." Multiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en Cumin antes de v0.1.5444, tal y como se utiliza en Red Hat Enterprise Messaging, Realtime, y Grid (MRG) v2.0 permit... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830243 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2012-2684 – cumin: SQL injection flaw
https://notcve.org/view.php?id=CVE-2012-2684
28 Sep 2012 — Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id. Múltiples vulnerabilidades de inyección SQL en la función get_sample_filters_by_signature en Cumin antes de v0.1.5444, tal y como se utiliza en Red Hat Enterprise Messaging, Realtime y Grid (MRG) v2.0 permiten la ejecución remota de SQ... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830245 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 1%CPEs: 21EXPL: 1CVE-2012-2685 – cumin: DoS via large image requests
https://notcve.org/view.php?id=CVE-2012-2685
28 Sep 2012 — Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in an image request. Cumin, antes de v0.1.5444, tal y como se utiliza en Red Hat Enterprise Messaging, Realtime, y Grid 2.0 (MRG) permite a usuarios remotos autenticados provocar una denegación de servicio (por consumo de memoria) a través de una solicitud de imagen de gran tamaño. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830248 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 1CVE-2012-2734 – cumin: CSRF flaw
https://notcve.org/view.php?id=CVE-2012-2734
28 Sep 2012 — Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors. Multiples vulnerabilidades de fasificación de peticiones en sitios cruzados (CSRF) en Cumin antes de v0.1.5444, tal y como se utiliza en Red Hat Enterprise Messaging, Realtime, y Grid 2.0 (MRG) permiten a atacantes remotos se... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832124 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2012-2735 – cumin: session fixation flaw
https://notcve.org/view.php?id=CVE-2012-2735
28 Sep 2012 — Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie. Vulnerabilidad de fijación de sesión en Cumin antes de v0.1.5444, tal y como se usa en Red Hat Enterprise Messaging, Realtime, y Grid (MRG) v2.0 permite a atacantes remotos secuestrar sesiones web a través de una cookie de sesión modificada a mano. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151 • CWE-384: Session Fixation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2012-1575 – cumin: multiple XSS flaws
https://notcve.org/view.php?id=CVE-2012-1575
22 Apr 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Cumin before r5238 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) widgets or (2) pages. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Cumin antes de r5238, permite a atacantes remotos inyectar secuencias de comandos web o código HTML de su elección a través de vectores que incluyen (1) widgets o (2) pages. • http://rhn.redhat.com/errata/RHSA-2012-0476.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •