All the vulnerabilities related to trevor_mckay - cumin
Vulnerability from fkie_nvd
Published
2012-09-28 17:55
Modified
2024-11-21 01:39
Severity: MEDIUM (CVSS v2 base score 4.0, vector AV:N/AC:L/Au:S/C:N/I:N/A:P)
Summary
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in an image request.
References
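Impacted products
Note: the CPE match data for this record ends at cumin 0.1.5192-4 (inclusive), while the summary gives the fix boundary as 0.1.5444. Version matching that relies on the CPE range alone may miss builds between those two values, so compare installed versions against the summary boundary as well.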
Vendor | Product | Version | |
---|---|---|---|
trevor_mckay | cumin | * | |
trevor_mckay | cumin | 0.1.3160-1 | |
trevor_mckay | cumin | 0.1.4369-1 | |
trevor_mckay | cumin | 0.1.4410-2 | |
trevor_mckay | cumin | 0.1.4494-1 | |
trevor_mckay | cumin | 0.1.4794-1 | |
trevor_mckay | cumin | 0.1.4916-1 | |
trevor_mckay | cumin | 0.1.5033-1 | |
trevor_mckay | cumin | 0.1.5037-1 | |
trevor_mckay | cumin | 0.1.5054-1 | |
trevor_mckay | cumin | 0.1.5068-1 | |
trevor_mckay | cumin | 0.1.5092-1 | |
trevor_mckay | cumin | 0.1.5098-2 | |
trevor_mckay | cumin | 0.1.5105-1 | |
trevor_mckay | cumin | 0.1.5137-1 | |
trevor_mckay | cumin | 0.1.5137-2 | |
trevor_mckay | cumin | 0.1.5137-3 | |
trevor_mckay | cumin | 0.1.5137-4 | |
trevor_mckay | cumin | 0.1.5137-5 | |
trevor_mckay | cumin | 0.1.5192-1 | |
redhat | enterprise_mrg | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:trevor_mckay:cumin:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB8CE3E6-C78F-4363-B731-A7981046EE5B", "versionEndIncluding": "0.1.5192-4", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:*", "matchCriteriaId": "B33C6617-24FB-4C96-A786-D26B074B0569", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:*", "matchCriteriaId": "D6CF3F68-713E-48E8-8D37-4AE443AF87FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:*", "matchCriteriaId": "8BDF4FB8-5ECF-4A2F-8066-8C362574B55F", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:*", "matchCriteriaId": "6ADC326A-3CE8-4710-870B-BF540CCB4A5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:*", "matchCriteriaId": "FFB4776E-178C-4488-9C98-98859576E343", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:*", "matchCriteriaId": "77B6E427-B880-48EB-8139-2F54381539BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5033-1:*:*:*:*:*:*:*", "matchCriteriaId": "9EABF881-94BA-4E76-8EDB-29A4DB7F68B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5037-1:*:*:*:*:*:*:*", "matchCriteriaId": "476B4482-38CB-46FB-B05D-CBBCDA87B739", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5054-1:*:*:*:*:*:*:*", "matchCriteriaId": "F49E39C4-D9D4-44D0-9F24-2DB3EB1E4457", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5068-1:*:*:*:*:*:*:*", "matchCriteriaId": "75A69413-E0B0-4528-8C42-898866BD3B9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5092-1:*:*:*:*:*:*:*", "matchCriteriaId": "00B69A8C-A652-4CBB-80B1-171630C7420E", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:*", "matchCriteriaId": 
"11E7AFB1-7864-47D4-AD75-9B9950BE7BBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5105-1:*:*:*:*:*:*:*", "matchCriteriaId": "B9C553FD-1ED7-436A-B4A7-309C79CB7793", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-1:*:*:*:*:*:*:*", "matchCriteriaId": "4CBBA885-F992-464D-9DF4-047F824FC02B", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-2:*:*:*:*:*:*:*", "matchCriteriaId": "D313A509-35AE-4EA3-9EDC-20CA98293D99", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-3:*:*:*:*:*:*:*", "matchCriteriaId": "B84531E0-D82D-43AE-A708-B12C34984B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-4:*:*:*:*:*:*:*", "matchCriteriaId": "9106FF80-627C-40E1-80E1-E574EB9A6B8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-5:*:*:*:*:*:*:*", "matchCriteriaId": "F46220E7-B924-49D4-B866-3EA6B52F4D45", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:*", "matchCriteriaId": "CACA1231-8272-40A9-B7B3-0141E0F1D7A7", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in an image request." }, { "lang": "es", "value": "Cumin, antes de v0.1.5444, tal y como se utiliza en Red Hat Enterprise Messaging, Realtime, y Grid 2.0 (MRG) permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (por consumo de memoria) a trav\u00e9s de una solicitud de imagen de gran tama\u00f1o." 
} ], "id": "CVE-2012-2685", "lastModified": "2024-11-21T01:39:26.657", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-09-28T17:55:00.960", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830248" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50660" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/55618" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78774" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830248" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/55618" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78774" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-28 17:55
Modified
2024-11-21 01:39
Severity: HIGH (CVSS v2 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trevor_mckay | cumin | * | |
trevor_mckay | cumin | 0.1.3160-1 | |
trevor_mckay | cumin | 0.1.4369-1 | |
trevor_mckay | cumin | 0.1.4410-2 | |
trevor_mckay | cumin | 0.1.4494-1 | |
trevor_mckay | cumin | 0.1.4794-1 | |
trevor_mckay | cumin | 0.1.4916-1 | |
trevor_mckay | cumin | 0.1.5033-1 | |
trevor_mckay | cumin | 0.1.5037-1 | |
trevor_mckay | cumin | 0.1.5054-1 | |
trevor_mckay | cumin | 0.1.5068-1 | |
trevor_mckay | cumin | 0.1.5092-1 | |
trevor_mckay | cumin | 0.1.5098-2 | |
trevor_mckay | cumin | 0.1.5105-1 | |
trevor_mckay | cumin | 0.1.5137-1 | |
trevor_mckay | cumin | 0.1.5137-2 | |
trevor_mckay | cumin | 0.1.5137-3 | |
trevor_mckay | cumin | 0.1.5137-4 | |
trevor_mckay | cumin | 0.1.5137-5 | |
trevor_mckay | cumin | 0.1.5192-1 | |
redhat | enterprise_mrg | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:trevor_mckay:cumin:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB8CE3E6-C78F-4363-B731-A7981046EE5B", "versionEndIncluding": "0.1.5192-4", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:*", "matchCriteriaId": "B33C6617-24FB-4C96-A786-D26B074B0569", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:*", "matchCriteriaId": "D6CF3F68-713E-48E8-8D37-4AE443AF87FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:*", "matchCriteriaId": "8BDF4FB8-5ECF-4A2F-8066-8C362574B55F", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:*", "matchCriteriaId": "6ADC326A-3CE8-4710-870B-BF540CCB4A5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:*", "matchCriteriaId": "FFB4776E-178C-4488-9C98-98859576E343", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:*", "matchCriteriaId": "77B6E427-B880-48EB-8139-2F54381539BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5033-1:*:*:*:*:*:*:*", "matchCriteriaId": "9EABF881-94BA-4E76-8EDB-29A4DB7F68B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5037-1:*:*:*:*:*:*:*", "matchCriteriaId": "476B4482-38CB-46FB-B05D-CBBCDA87B739", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5054-1:*:*:*:*:*:*:*", "matchCriteriaId": "F49E39C4-D9D4-44D0-9F24-2DB3EB1E4457", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5068-1:*:*:*:*:*:*:*", "matchCriteriaId": "75A69413-E0B0-4528-8C42-898866BD3B9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5092-1:*:*:*:*:*:*:*", "matchCriteriaId": "00B69A8C-A652-4CBB-80B1-171630C7420E", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:*", "matchCriteriaId": 
"11E7AFB1-7864-47D4-AD75-9B9950BE7BBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5105-1:*:*:*:*:*:*:*", "matchCriteriaId": "B9C553FD-1ED7-436A-B4A7-309C79CB7793", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-1:*:*:*:*:*:*:*", "matchCriteriaId": "4CBBA885-F992-464D-9DF4-047F824FC02B", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-2:*:*:*:*:*:*:*", "matchCriteriaId": "D313A509-35AE-4EA3-9EDC-20CA98293D99", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-3:*:*:*:*:*:*:*", "matchCriteriaId": "B84531E0-D82D-43AE-A708-B12C34984B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-4:*:*:*:*:*:*:*", "matchCriteriaId": "9106FF80-627C-40E1-80E1-E574EB9A6B8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-5:*:*:*:*:*:*:*", "matchCriteriaId": "F46220E7-B924-49D4-B866-3EA6B52F4D45", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:*", "matchCriteriaId": "CACA1231-8272-40A9-B7B3-0141E0F1D7A7", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id." 
}, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en la funci\u00f3n get_sample_filters_by_signature en Cumin antes de v0.1.5444, tal y como se utiliza en Red Hat Enterprise Messaging, Realtime y Grid (MRG) v2.0 permiten la ejecuci\u00f3n remota de SQL arbitrarias a trav\u00e9s de (1) el id del agente (2) el id del objeto." } ], "id": "CVE-2012-2684", "lastModified": "2024-11-21T01:39:26.540", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-09-28T17:55:00.913", "references": [ { "source": "secalert@redhat.com", "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830245" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50660" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/55618" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830245" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/55618" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-04-22 18:55
Modified
2024-11-21 01:37
Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cumin before r5238 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) widgets or (2) pages.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trevor_mckay | cumin | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:trevor_mckay:cumin:*:*:*:*:*:*:*:*", "matchCriteriaId": "891815E0-7EDB-4D28-92BB-FAD4D3D7CB83", "versionEndIncluding": "r5237", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cumin before r5238 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) widgets or (2) pages." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Cumin antes de r5238, permite a atacantes remotos inyectar secuencias de comandos web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s de vectores que incluyen (1) widgets o (2) pages." } ], "id": "CVE-2012-1575", "lastModified": "2024-11-21T01:37:14.400", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-04-22T18:55:04.560", "references": [ { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-0476.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-0477.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48810" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48829" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/53000" }, { "source": 
"secalert@redhat.com", "url": "http://www.securitytracker.com/id?1026921" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/attachment.cgi?id=571986" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=805712" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74844" }, { "source": "secalert@redhat.com", "url": "https://fedorahosted.org/pipermail/cumin-developers/2012-March/000796.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0476.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0477.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48810" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48829" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53000" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1026921" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/attachment.cgi?id=571986" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=805712" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74844" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://fedorahosted.org/pipermail/cumin-developers/2012-March/000796.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-28 17:55
Modified
2024-11-21 01:39
Severity: MEDIUM (CVSS v2 base score 4.9, vector AV:N/AC:M/Au:S/C:P/I:P/A:N)
Summary
Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trevor_mckay | cumin | * | |
trevor_mckay | cumin | 0.1.3160-1 | |
trevor_mckay | cumin | 0.1.4369-1 | |
trevor_mckay | cumin | 0.1.4410-2 | |
trevor_mckay | cumin | 0.1.4494-1 | |
trevor_mckay | cumin | 0.1.4794-1 | |
trevor_mckay | cumin | 0.1.4916-1 | |
trevor_mckay | cumin | 0.1.5033-1 | |
trevor_mckay | cumin | 0.1.5037-1 | |
trevor_mckay | cumin | 0.1.5054-1 | |
trevor_mckay | cumin | 0.1.5068-1 | |
trevor_mckay | cumin | 0.1.5092-1 | |
trevor_mckay | cumin | 0.1.5098-2 | |
trevor_mckay | cumin | 0.1.5105-1 | |
trevor_mckay | cumin | 0.1.5137-1 | |
trevor_mckay | cumin | 0.1.5137-2 | |
trevor_mckay | cumin | 0.1.5137-3 | |
trevor_mckay | cumin | 0.1.5137-4 | |
trevor_mckay | cumin | 0.1.5137-5 | |
trevor_mckay | cumin | 0.1.5192-1 | |
redhat | enterprise_mrg | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:trevor_mckay:cumin:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB8CE3E6-C78F-4363-B731-A7981046EE5B", "versionEndIncluding": "0.1.5192-4", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:*", "matchCriteriaId": "B33C6617-24FB-4C96-A786-D26B074B0569", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:*", "matchCriteriaId": "D6CF3F68-713E-48E8-8D37-4AE443AF87FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:*", "matchCriteriaId": "8BDF4FB8-5ECF-4A2F-8066-8C362574B55F", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:*", "matchCriteriaId": "6ADC326A-3CE8-4710-870B-BF540CCB4A5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:*", "matchCriteriaId": "FFB4776E-178C-4488-9C98-98859576E343", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:*", "matchCriteriaId": "77B6E427-B880-48EB-8139-2F54381539BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5033-1:*:*:*:*:*:*:*", "matchCriteriaId": "9EABF881-94BA-4E76-8EDB-29A4DB7F68B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5037-1:*:*:*:*:*:*:*", "matchCriteriaId": "476B4482-38CB-46FB-B05D-CBBCDA87B739", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5054-1:*:*:*:*:*:*:*", "matchCriteriaId": "F49E39C4-D9D4-44D0-9F24-2DB3EB1E4457", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5068-1:*:*:*:*:*:*:*", "matchCriteriaId": "75A69413-E0B0-4528-8C42-898866BD3B9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5092-1:*:*:*:*:*:*:*", "matchCriteriaId": "00B69A8C-A652-4CBB-80B1-171630C7420E", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:*", "matchCriteriaId": 
"11E7AFB1-7864-47D4-AD75-9B9950BE7BBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5105-1:*:*:*:*:*:*:*", "matchCriteriaId": "B9C553FD-1ED7-436A-B4A7-309C79CB7793", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-1:*:*:*:*:*:*:*", "matchCriteriaId": "4CBBA885-F992-464D-9DF4-047F824FC02B", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-2:*:*:*:*:*:*:*", "matchCriteriaId": "D313A509-35AE-4EA3-9EDC-20CA98293D99", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-3:*:*:*:*:*:*:*", "matchCriteriaId": "B84531E0-D82D-43AE-A708-B12C34984B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-4:*:*:*:*:*:*:*", "matchCriteriaId": "9106FF80-627C-40E1-80E1-E574EB9A6B8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-5:*:*:*:*:*:*:*", "matchCriteriaId": "F46220E7-B924-49D4-B866-3EA6B52F4D45", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:*", "matchCriteriaId": "CACA1231-8272-40A9-B7B3-0141E0F1D7A7", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie." }, { "lang": "es", "value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en Cumin antes de v0.1.5444, tal y como se usa en Red Hat Enterprise Messaging, Realtime, y Grid (MRG) v2.0 permite a atacantes remotos secuestrar sesiones web a trav\u00e9s de una cookie de sesi\u00f3n modificada a mano." 
} ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/384.html \u0027CWE-384: Session Fixation\u0027", "evaluatorImpact": "Per: http://rhn.redhat.com/errata/RHSA-2012-1278.html\r\n\r\n\" An authenticated user able to\r\npre-set the Cumin session cookie in a victim\u0027s browser could possibly use\r\nthis flaw to steal the victim\u0027s session after they log into Cumin.\"", "id": "CVE-2012-2735", "lastModified": "2024-11-21T01:39:32.063", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-09-28T17:55:01.070", "references": [ { "source": "secalert@redhat.com", "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50660" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/55618" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78776" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/55618" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78776" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-28 17:55
Modified
2024-11-21 01:39
Severity: MEDIUM (CVSS v2 base score 5.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:N)
Summary
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trevor_mckay | cumin | * | |
trevor_mckay | cumin | 0.1.3160-1 | |
trevor_mckay | cumin | 0.1.4369-1 | |
trevor_mckay | cumin | 0.1.4410-2 | |
trevor_mckay | cumin | 0.1.4494-1 | |
trevor_mckay | cumin | 0.1.4794-1 | |
trevor_mckay | cumin | 0.1.4916-1 | |
trevor_mckay | cumin | 0.1.5098-2 | |
trevor_mckay | cumin | 0.1.5192-1 | |
redhat | enterprise_mrg | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:trevor_mckay:cumin:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB8CE3E6-C78F-4363-B731-A7981046EE5B", "versionEndIncluding": "0.1.5192-4", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:*", "matchCriteriaId": "B33C6617-24FB-4C96-A786-D26B074B0569", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:*", "matchCriteriaId": "D6CF3F68-713E-48E8-8D37-4AE443AF87FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:*", "matchCriteriaId": "8BDF4FB8-5ECF-4A2F-8066-8C362574B55F", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:*", "matchCriteriaId": "6ADC326A-3CE8-4710-870B-BF540CCB4A5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:*", "matchCriteriaId": "FFB4776E-178C-4488-9C98-98859576E343", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:*", "matchCriteriaId": "77B6E427-B880-48EB-8139-2F54381539BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:*", "matchCriteriaId": "11E7AFB1-7864-47D4-AD75-9B9950BE7BBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:*", "matchCriteriaId": "CACA1231-8272-40A9-B7B3-0141E0F1D7A7", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key." 
}, { "lang": "es", "value": "Cumin antes de v0.1.5444, tal y como se utiliza en Red Hat Enterprise Messaging, Realtime y Grid (MRG) v2.0, usa numeros aleatorios predecibles para generar claves de sesi\u00f3n, lo que hace m\u00e1s f\u00e1cil para los atacantes remotos a la hora de adivinar la clave de sesi\u00f3n." } ], "id": "CVE-2012-2681", "lastModified": "2024-11-21T01:39:26.177", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-09-28T17:55:00.787", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=827558" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50660" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/55618" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78771" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=827558" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/55618" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78771" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-28 17:55
Modified
2024-11-21 01:40
Severity: MEDIUM (CVSS v2.0 base score 4.9, vector AV:N/AC:M/Au:S/C:P/I:P/A:N)
Summary
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trevor_mckay | cumin | * | |
trevor_mckay | cumin | 0.1.3160-1 | |
trevor_mckay | cumin | 0.1.4369-1 | |
trevor_mckay | cumin | 0.1.4410-2 | |
trevor_mckay | cumin | 0.1.4494-1 | |
trevor_mckay | cumin | 0.1.4794-1 | |
trevor_mckay | cumin | 0.1.4916-1 | |
trevor_mckay | cumin | 0.1.5033-1 | |
trevor_mckay | cumin | 0.1.5037-1 | |
trevor_mckay | cumin | 0.1.5054-1 | |
trevor_mckay | cumin | 0.1.5068-1 | |
trevor_mckay | cumin | 0.1.5092-1 | |
trevor_mckay | cumin | 0.1.5098-2 | |
trevor_mckay | cumin | 0.1.5105-1 | |
trevor_mckay | cumin | 0.1.5137-1 | |
trevor_mckay | cumin | 0.1.5137-2 | |
trevor_mckay | cumin | 0.1.5137-3 | |
trevor_mckay | cumin | 0.1.5137-4 | |
trevor_mckay | cumin | 0.1.5137-5 | |
trevor_mckay | cumin | 0.1.5192-1 | |
redhat | enterprise_mrg | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:trevor_mckay:cumin:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB8CE3E6-C78F-4363-B731-A7981046EE5B", "versionEndIncluding": "0.1.5192-4", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:*", "matchCriteriaId": "B33C6617-24FB-4C96-A786-D26B074B0569", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:*", "matchCriteriaId": "D6CF3F68-713E-48E8-8D37-4AE443AF87FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:*", "matchCriteriaId": "8BDF4FB8-5ECF-4A2F-8066-8C362574B55F", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:*", "matchCriteriaId": "6ADC326A-3CE8-4710-870B-BF540CCB4A5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:*", "matchCriteriaId": "FFB4776E-178C-4488-9C98-98859576E343", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:*", "matchCriteriaId": "77B6E427-B880-48EB-8139-2F54381539BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5033-1:*:*:*:*:*:*:*", "matchCriteriaId": "9EABF881-94BA-4E76-8EDB-29A4DB7F68B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5037-1:*:*:*:*:*:*:*", "matchCriteriaId": "476B4482-38CB-46FB-B05D-CBBCDA87B739", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5054-1:*:*:*:*:*:*:*", "matchCriteriaId": "F49E39C4-D9D4-44D0-9F24-2DB3EB1E4457", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5068-1:*:*:*:*:*:*:*", "matchCriteriaId": "75A69413-E0B0-4528-8C42-898866BD3B9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5092-1:*:*:*:*:*:*:*", "matchCriteriaId": "00B69A8C-A652-4CBB-80B1-171630C7420E", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:*", "matchCriteriaId": 
"11E7AFB1-7864-47D4-AD75-9B9950BE7BBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5105-1:*:*:*:*:*:*:*", "matchCriteriaId": "B9C553FD-1ED7-436A-B4A7-309C79CB7793", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-1:*:*:*:*:*:*:*", "matchCriteriaId": "4CBBA885-F992-464D-9DF4-047F824FC02B", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-2:*:*:*:*:*:*:*", "matchCriteriaId": "D313A509-35AE-4EA3-9EDC-20CA98293D99", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-3:*:*:*:*:*:*:*", "matchCriteriaId": "B84531E0-D82D-43AE-A708-B12C34984B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-4:*:*:*:*:*:*:*", "matchCriteriaId": "9106FF80-627C-40E1-80E1-E574EB9A6B8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-5:*:*:*:*:*:*:*", "matchCriteriaId": "F46220E7-B924-49D4-B866-3EA6B52F4D45", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:*", "matchCriteriaId": "CACA1231-8272-40A9-B7B3-0141E0F1D7A7", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor." 
}, { "lang": "es", "value": "Cumin, antes de v0.1.5444, tal y como se usa en Red Hat Enterprise Messaging, Realtime y Grid (MRG) v2.0 permite a usuarios remotos autenticados modificar los atributos Condor y posiblemente obtener privilegios adicionales a trav\u00e9s de par\u00e1metros modificados en una solicitud HTTP POST, lo que provoca una petici\u00f3n de cambio de atributo de un trabajo (job) de Condor." } ], "id": "CVE-2012-3459", "lastModified": "2024-11-21T01:40:55.220", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-09-28T17:55:01.147", "references": [ { "source": "secalert@redhat.com", "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=846501" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50660" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50666" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/55632" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=846501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/55632" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-28 17:55
Modified
2024-11-21 01:39
Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) "error message displays" or (2) "in source HTML on certain pages."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trevor_mckay | cumin | * | |
trevor_mckay | cumin | 0.1.3160-1 | |
trevor_mckay | cumin | 0.1.4369-1 | |
trevor_mckay | cumin | 0.1.4410-2 | |
trevor_mckay | cumin | 0.1.4494-1 | |
trevor_mckay | cumin | 0.1.4794-1 | |
trevor_mckay | cumin | 0.1.4916-1 | |
trevor_mckay | cumin | 0.1.5033-1 | |
trevor_mckay | cumin | 0.1.5037-1 | |
trevor_mckay | cumin | 0.1.5054-1 | |
trevor_mckay | cumin | 0.1.5068-1 | |
trevor_mckay | cumin | 0.1.5092-1 | |
trevor_mckay | cumin | 0.1.5098-2 | |
trevor_mckay | cumin | 0.1.5105-1 | |
trevor_mckay | cumin | 0.1.5137-1 | |
trevor_mckay | cumin | 0.1.5137-2 | |
trevor_mckay | cumin | 0.1.5137-3 | |
trevor_mckay | cumin | 0.1.5137-4 | |
trevor_mckay | cumin | 0.1.5137-5 | |
trevor_mckay | cumin | 0.1.5192-1 | |
redhat | enterprise_mrg | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:trevor_mckay:cumin:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB8CE3E6-C78F-4363-B731-A7981046EE5B", "versionEndIncluding": "0.1.5192-4", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:*", "matchCriteriaId": "B33C6617-24FB-4C96-A786-D26B074B0569", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:*", "matchCriteriaId": "D6CF3F68-713E-48E8-8D37-4AE443AF87FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:*", "matchCriteriaId": "8BDF4FB8-5ECF-4A2F-8066-8C362574B55F", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:*", "matchCriteriaId": "6ADC326A-3CE8-4710-870B-BF540CCB4A5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:*", "matchCriteriaId": "FFB4776E-178C-4488-9C98-98859576E343", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:*", "matchCriteriaId": "77B6E427-B880-48EB-8139-2F54381539BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5033-1:*:*:*:*:*:*:*", "matchCriteriaId": "9EABF881-94BA-4E76-8EDB-29A4DB7F68B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5037-1:*:*:*:*:*:*:*", "matchCriteriaId": "476B4482-38CB-46FB-B05D-CBBCDA87B739", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5054-1:*:*:*:*:*:*:*", "matchCriteriaId": "F49E39C4-D9D4-44D0-9F24-2DB3EB1E4457", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5068-1:*:*:*:*:*:*:*", "matchCriteriaId": "75A69413-E0B0-4528-8C42-898866BD3B9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5092-1:*:*:*:*:*:*:*", "matchCriteriaId": "00B69A8C-A652-4CBB-80B1-171630C7420E", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:*", "matchCriteriaId": 
"11E7AFB1-7864-47D4-AD75-9B9950BE7BBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5105-1:*:*:*:*:*:*:*", "matchCriteriaId": "B9C553FD-1ED7-436A-B4A7-309C79CB7793", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-1:*:*:*:*:*:*:*", "matchCriteriaId": "4CBBA885-F992-464D-9DF4-047F824FC02B", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-2:*:*:*:*:*:*:*", "matchCriteriaId": "D313A509-35AE-4EA3-9EDC-20CA98293D99", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-3:*:*:*:*:*:*:*", "matchCriteriaId": "B84531E0-D82D-43AE-A708-B12C34984B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-4:*:*:*:*:*:*:*", "matchCriteriaId": "9106FF80-627C-40E1-80E1-E574EB9A6B8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-5:*:*:*:*:*:*:*", "matchCriteriaId": "F46220E7-B924-49D4-B866-3EA6B52F4D45", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:*", "matchCriteriaId": "CACA1231-8272-40A9-B7B3-0141E0F1D7A7", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) \"error message displays\" or (2) \"in source HTML on certain pages.\"" }, { "lang": "es", "value": "Multiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en Cumin antes de v0.1.5444, tal y como se utiliza en Red Hat Enterprise Messaging, Realtime, y Grid (MRG) v2.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a 
trav\u00e9s de vectores no especificados relacionados con (1) \"los mensajes de error\" o (2) \"el c\u00f3digo fuente HTML de algunas p\u00e1ginas\"." } ], "id": "CVE-2012-2683", "lastModified": "2024-11-21T01:39:26.410", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-09-28T17:55:00.867", "references": [ { "source": "secalert@redhat.com", "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830243" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50660" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/55618" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78772" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830243" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/55618" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78772" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-28 17:55
Modified
2024-11-21 01:39
Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) "web pages," (2) "export functionality," and (3) "image viewing."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trevor_mckay | cumin | * | |
trevor_mckay | cumin | 0.1.3160-1 | |
trevor_mckay | cumin | 0.1.4369-1 | |
trevor_mckay | cumin | 0.1.4410-2 | |
trevor_mckay | cumin | 0.1.4494-1 | |
trevor_mckay | cumin | 0.1.4794-1 | |
trevor_mckay | cumin | 0.1.4916-1 | |
trevor_mckay | cumin | 0.1.5033-1 | |
trevor_mckay | cumin | 0.1.5037-1 | |
trevor_mckay | cumin | 0.1.5054-1 | |
trevor_mckay | cumin | 0.1.5068-1 | |
trevor_mckay | cumin | 0.1.5092-1 | |
trevor_mckay | cumin | 0.1.5098-2 | |
trevor_mckay | cumin | 0.1.5105-1 | |
trevor_mckay | cumin | 0.1.5137-1 | |
trevor_mckay | cumin | 0.1.5137-2 | |
trevor_mckay | cumin | 0.1.5137-3 | |
trevor_mckay | cumin | 0.1.5137-4 | |
trevor_mckay | cumin | 0.1.5137-5 | |
trevor_mckay | cumin | 0.1.5192-1 | |
redhat | enterprise_mrg | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:trevor_mckay:cumin:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB8CE3E6-C78F-4363-B731-A7981046EE5B", "versionEndIncluding": "0.1.5192-4", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:*", "matchCriteriaId": "B33C6617-24FB-4C96-A786-D26B074B0569", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:*", "matchCriteriaId": "D6CF3F68-713E-48E8-8D37-4AE443AF87FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:*", "matchCriteriaId": "8BDF4FB8-5ECF-4A2F-8066-8C362574B55F", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:*", "matchCriteriaId": "6ADC326A-3CE8-4710-870B-BF540CCB4A5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:*", "matchCriteriaId": "FFB4776E-178C-4488-9C98-98859576E343", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:*", "matchCriteriaId": "77B6E427-B880-48EB-8139-2F54381539BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5033-1:*:*:*:*:*:*:*", "matchCriteriaId": "9EABF881-94BA-4E76-8EDB-29A4DB7F68B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5037-1:*:*:*:*:*:*:*", "matchCriteriaId": "476B4482-38CB-46FB-B05D-CBBCDA87B739", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5054-1:*:*:*:*:*:*:*", "matchCriteriaId": "F49E39C4-D9D4-44D0-9F24-2DB3EB1E4457", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5068-1:*:*:*:*:*:*:*", "matchCriteriaId": "75A69413-E0B0-4528-8C42-898866BD3B9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5092-1:*:*:*:*:*:*:*", "matchCriteriaId": "00B69A8C-A652-4CBB-80B1-171630C7420E", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:*", "matchCriteriaId": 
"11E7AFB1-7864-47D4-AD75-9B9950BE7BBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5105-1:*:*:*:*:*:*:*", "matchCriteriaId": "B9C553FD-1ED7-436A-B4A7-309C79CB7793", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-1:*:*:*:*:*:*:*", "matchCriteriaId": "4CBBA885-F992-464D-9DF4-047F824FC02B", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-2:*:*:*:*:*:*:*", "matchCriteriaId": "D313A509-35AE-4EA3-9EDC-20CA98293D99", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-3:*:*:*:*:*:*:*", "matchCriteriaId": "B84531E0-D82D-43AE-A708-B12C34984B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-4:*:*:*:*:*:*:*", "matchCriteriaId": "9106FF80-627C-40E1-80E1-E574EB9A6B8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-5:*:*:*:*:*:*:*", "matchCriteriaId": "F46220E7-B924-49D4-B866-3EA6B52F4D45", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:*", "matchCriteriaId": "CACA1231-8272-40A9-B7B3-0141E0F1D7A7", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) \"web pages,\" (2) \"export functionality,\" and (3) \"image viewing.\"" }, { "lang": "es", "value": "Cumin, antes de v0.1.5444, tal y como lo utiliza Red Hat Enterprise Messaging, Realtime, y Grid (MRG) v2.0 no restringe adecuadamente el acceso a los recursos, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados 
relacionados con (1) las \"p\u00e1ginas web\", (2) la \"funcionalidad de exportaci\u00f3n\", y (3) la \"visualizaci\u00f3n de im\u00e1genes\"." } ], "id": "CVE-2012-2680", "lastModified": "2024-11-21T01:39:26.010", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-09-28T17:55:00.727", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=829421" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50660" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/55618" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78770" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=829421" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/50660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/55618" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78770" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-28 17:55
Modified
2024-11-21 01:39
Severity: MEDIUM (CVSS v2.0 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P)
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trevor_mckay | cumin | * | |
trevor_mckay | cumin | 0.1.3160-1 | |
trevor_mckay | cumin | 0.1.4369-1 | |
trevor_mckay | cumin | 0.1.4410-2 | |
trevor_mckay | cumin | 0.1.4494-1 | |
trevor_mckay | cumin | 0.1.4794-1 | |
trevor_mckay | cumin | 0.1.4916-1 | |
trevor_mckay | cumin | 0.1.5033-1 | |
trevor_mckay | cumin | 0.1.5037-1 | |
trevor_mckay | cumin | 0.1.5054-1 | |
trevor_mckay | cumin | 0.1.5068-1 | |
trevor_mckay | cumin | 0.1.5092-1 | |
trevor_mckay | cumin | 0.1.5098-2 | |
trevor_mckay | cumin | 0.1.5105-1 | |
trevor_mckay | cumin | 0.1.5137-1 | |
trevor_mckay | cumin | 0.1.5137-2 | |
trevor_mckay | cumin | 0.1.5137-3 | |
trevor_mckay | cumin | 0.1.5137-4 | |
trevor_mckay | cumin | 0.1.5137-5 | |
trevor_mckay | cumin | 0.1.5192-1 | |
redhat | enterprise_mrg | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:trevor_mckay:cumin:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB8CE3E6-C78F-4363-B731-A7981046EE5B", "versionEndIncluding": "0.1.5192-4", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:*", "matchCriteriaId": "B33C6617-24FB-4C96-A786-D26B074B0569", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:*", "matchCriteriaId": "D6CF3F68-713E-48E8-8D37-4AE443AF87FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:*", "matchCriteriaId": "8BDF4FB8-5ECF-4A2F-8066-8C362574B55F", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:*", "matchCriteriaId": "6ADC326A-3CE8-4710-870B-BF540CCB4A5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:*", "matchCriteriaId": "FFB4776E-178C-4488-9C98-98859576E343", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:*", "matchCriteriaId": "77B6E427-B880-48EB-8139-2F54381539BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5033-1:*:*:*:*:*:*:*", "matchCriteriaId": "9EABF881-94BA-4E76-8EDB-29A4DB7F68B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5037-1:*:*:*:*:*:*:*", "matchCriteriaId": "476B4482-38CB-46FB-B05D-CBBCDA87B739", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5054-1:*:*:*:*:*:*:*", "matchCriteriaId": "F49E39C4-D9D4-44D0-9F24-2DB3EB1E4457", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5068-1:*:*:*:*:*:*:*", "matchCriteriaId": "75A69413-E0B0-4528-8C42-898866BD3B9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5092-1:*:*:*:*:*:*:*", "matchCriteriaId": "00B69A8C-A652-4CBB-80B1-171630C7420E", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:*", "matchCriteriaId": 
"11E7AFB1-7864-47D4-AD75-9B9950BE7BBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5105-1:*:*:*:*:*:*:*", "matchCriteriaId": "B9C553FD-1ED7-436A-B4A7-309C79CB7793", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-1:*:*:*:*:*:*:*", "matchCriteriaId": "4CBBA885-F992-464D-9DF4-047F824FC02B", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-2:*:*:*:*:*:*:*", "matchCriteriaId": "D313A509-35AE-4EA3-9EDC-20CA98293D99", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-3:*:*:*:*:*:*:*", "matchCriteriaId": "B84531E0-D82D-43AE-A708-B12C34984B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-4:*:*:*:*:*:*:*", "matchCriteriaId": "9106FF80-627C-40E1-80E1-E574EB9A6B8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-5:*:*:*:*:*:*:*", "matchCriteriaId": "F46220E7-B924-49D4-B866-3EA6B52F4D45", "vulnerable": true }, { "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:*", "matchCriteriaId": "CACA1231-8272-40A9-B7B3-0141E0F1D7A7", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors." 
}, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de peticiones en sitios cruzados (CSRF) en Cumin antes de v0.1.5444, tal y como se utiliza en Red Hat Enterprise Messaging, Realtime, y Grid 2.0 (MRG) permiten a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios de su elecci\u00f3n para solicitudes que ejecutan comandos a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2012-2734", "lastModified": "2024-11-21T01:39:31.950", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-09-28T17:55:01.007", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832124" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50660" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/55618" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78775" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832124" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor 
Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/55618" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78775" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2012-3459
Vulnerability from cvelistv5
Published
2012-09-28 17:00
Modified
2024-08-06 20:05
Severity ?
EPSS score ?
Summary
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/55632 | vdb-entry, x_refsource_BID | |
http://rhn.redhat.com/errata/RHSA-2012-1278.html | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2012-1281.html | vendor-advisory, x_refsource_REDHAT | |
http://secunia.com/advisories/50660 | third-party-advisory, x_refsource_SECUNIA | |
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=846501 | x_refsource_MISC | |
http://secunia.com/advisories/50666 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:05:12.675Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "55632", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55632" }, { "name": "RHSA-2012:1278", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "name": "RHSA-2012:1281", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "name": "50660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50660" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=846501" }, { "name": "50666", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50666" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-11-25T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "55632", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/55632" }, { "name": "RHSA-2012:1278", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "name": "RHSA-2012:1281", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "name": "50660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50660" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=846501" }, { "name": "50666", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50666" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3459", "datePublished": "2012-09-28T17:00:00", "dateReserved": "2012-06-14T00:00:00", "dateUpdated": "2024-08-06T20:05:12.675Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-1575
Vulnerability from cvelistv5
Published
2012-04-22 18:00
Modified
2024-08-06 19:01
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cumin before r5238 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) widgets or (2) pages.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/48810 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/53000 | vdb-entry, x_refsource_BID | |
https://fedorahosted.org/pipermail/cumin-developers/2012-March/000796.html | mailing-list, x_refsource_MLIST | |
http://rhn.redhat.com/errata/RHSA-2012-0476.html | vendor-advisory, x_refsource_REDHAT | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/74844 | vdb-entry, x_refsource_XF | |
http://rhn.redhat.com/errata/RHSA-2012-0477.html | vendor-advisory, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=805712 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id?1026921 | vdb-entry, x_refsource_SECTRACK | |
https://bugzilla.redhat.com/attachment.cgi?id=571986 | x_refsource_CONFIRM | |
http://secunia.com/advisories/48829 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:01:02.666Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "48810", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48810" }, { "name": "53000", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53000" }, { "name": "[cumin-developers] 20120306 r5238 - in trunk: cumin/python/cumin cumin/python/cumin/grid cumin/python/cumin/inventory cumin/python/cumin/messaging rosemary/python/rosemary wooly/python/wooly", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://fedorahosted.org/pipermail/cumin-developers/2012-March/000796.html" }, { "name": "RHSA-2012:0476", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0476.html" }, { "name": "cumin-redhat-unspec-xss(74844)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74844" }, { "name": "RHSA-2012:0477", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0477.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=805712" }, { "name": "1026921", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026921" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/attachment.cgi?id=571986" }, { "name": "48829", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48829" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], 
"datePublic": "2012-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cumin before r5238 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) widgets or (2) pages." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-29T15:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "48810", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48810" }, { "name": "53000", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53000" }, { "name": "[cumin-developers] 20120306 r5238 - in trunk: cumin/python/cumin cumin/python/cumin/grid cumin/python/cumin/inventory cumin/python/cumin/messaging rosemary/python/rosemary wooly/python/wooly", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://fedorahosted.org/pipermail/cumin-developers/2012-March/000796.html" }, { "name": "RHSA-2012:0476", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0476.html" }, { "name": "cumin-redhat-unspec-xss(74844)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74844" }, { "name": "RHSA-2012:0477", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0477.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=805712" }, { "name": "1026921", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026921" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/attachment.cgi?id=571986" }, { "name": "48829", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48829" } ] } 
}, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1575", "datePublished": "2012-04-22T18:00:00", "dateReserved": "2012-03-12T00:00:00", "dateUpdated": "2024-08-06T19:01:02.666Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2681
Vulnerability from cvelistv5
Published
2012-09-28 17:00
Modified
2024-08-06 19:42
Severity ?
EPSS score ?
Summary
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key.
References
URL | Tags | |
---|---|---|
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=827558 | x_refsource_MISC | |
http://www.securityfocus.com/bid/55618 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/78771 | vdb-entry, x_refsource_XF | |
http://rhn.redhat.com/errata/RHSA-2012-1278.html | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2012-1281.html | vendor-advisory, x_refsource_REDHAT | |
http://secunia.com/advisories/50660 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:42:31.976Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=827558" }, { "name": "55618", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55618" }, { "name": "cumin-redhat-weak-security(78771)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78771" }, { "name": "RHSA-2012:1278", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "name": "RHSA-2012:1281", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "name": "50660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50660" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=827558" }, { "name": "55618", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/55618" }, { "name": "cumin-redhat-weak-security(78771)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78771" }, { "name": "RHSA-2012:1278", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "name": "RHSA-2012:1281", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "name": "50660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50660" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2681", "datePublished": "2012-09-28T17:00:00", "dateReserved": "2012-05-14T00:00:00", "dateUpdated": "2024-08-06T19:42:31.976Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2683
Vulnerability from cvelistv5
Published
2012-09-28 17:00
Modified
2024-08-06 19:42
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) "error message displays" or (2) "in source HTML on certain pages."
References
URL | Tags | |
---|---|---|
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830243 | x_refsource_MISC | |
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html | vendor-advisory, x_refsource_FEDORA | |
http://www.securityfocus.com/bid/55618 | vdb-entry, x_refsource_BID | |
http://rhn.redhat.com/errata/RHSA-2012-1278.html | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2012-1281.html | vendor-advisory, x_refsource_REDHAT | |
http://secunia.com/advisories/50660 | third-party-advisory, x_refsource_SECUNIA | |
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html | vendor-advisory, x_refsource_FEDORA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/78772 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:42:32.286Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830243" }, { "name": "FEDORA-2012-17863", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html" }, { "name": "55618", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55618" }, { "name": "RHSA-2012:1278", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "name": "RHSA-2012:1281", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "name": "50660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50660" }, { "name": "FEDORA-2012-17854", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html" }, { "name": "cumin-redhat-xss(78772)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78772" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) \"error message displays\" or (2) \"in source 
HTML on certain pages.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830243" }, { "name": "FEDORA-2012-17863", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html" }, { "name": "55618", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/55618" }, { "name": "RHSA-2012:1278", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "name": "RHSA-2012:1281", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "name": "50660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50660" }, { "name": "FEDORA-2012-17854", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html" }, { "name": "cumin-redhat-xss(78772)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78772" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2683", "datePublished": "2012-09-28T17:00:00", "dateReserved": "2012-05-14T00:00:00", "dateUpdated": "2024-08-06T19:42:32.286Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2735
Vulnerability from cvelistv5
Published
2012-09-28 17:00
Modified
2024-08-06 19:42
Severity ?
EPSS score ?
Summary
Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/55618 | vdb-entry, x_refsource_BID | |
http://rhn.redhat.com/errata/RHSA-2012-1278.html | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2012-1281.html | vendor-advisory, x_refsource_REDHAT | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/78776 | vdb-entry, x_refsource_XF | |
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151 | x_refsource_MISC | |
http://secunia.com/advisories/50660 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:42:32.499Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "55618", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55618" }, { "name": "RHSA-2012:1278", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "name": "RHSA-2012:1281", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "name": "cumin-redhat-session-hijacking(78776)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78776" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151" }, { "name": "50660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50660" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "55618", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/55618" }, { "name": "RHSA-2012:1278", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "name": "RHSA-2012:1281", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "name": "cumin-redhat-session-hijacking(78776)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78776" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151" }, { "name": "50660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50660" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2735", "datePublished": "2012-09-28T17:00:00", "dateReserved": "2012-05-14T00:00:00", "dateUpdated": "2024-08-06T19:42:32.499Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2734
Vulnerability from cvelistv5
Published
2012-09-28 17:00
Modified
2024-08-06 19:42
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/55618 | vdb-entry, x_refsource_BID | |
http://rhn.redhat.com/errata/RHSA-2012-1278.html | vendor-advisory, x_refsource_REDHAT | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/78775 | vdb-entry, x_refsource_XF | |
http://rhn.redhat.com/errata/RHSA-2012-1281.html | vendor-advisory, x_refsource_REDHAT | |
http://secunia.com/advisories/50660 | third-party-advisory, x_refsource_SECUNIA | |
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832124 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:42:32.457Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "55618", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55618" }, { "name": "RHSA-2012:1278", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "name": "cumin-redhat-csrf(78775)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78775" }, { "name": "RHSA-2012:1281", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "name": "50660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50660" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832124" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "55618", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/55618" }, { "name": "RHSA-2012:1278", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "name": "cumin-redhat-csrf(78775)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78775" }, { "name": "RHSA-2012:1281", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "name": "50660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50660" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832124" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2734", "datePublished": "2012-09-28T17:00:00", "dateReserved": "2012-05-14T00:00:00", "dateUpdated": "2024-08-06T19:42:32.457Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2685
Vulnerability from cvelistv5
Published
2012-09-28 17:00
Modified
2024-08-06 19:42
Severity ?
EPSS score ?
Summary
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in an image request.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/55618 | vdb-entry, x_refsource_BID | |
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830248 | x_refsource_MISC | |
http://rhn.redhat.com/errata/RHSA-2012-1278.html | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2012-1281.html | vendor-advisory, x_refsource_REDHAT | |
http://secunia.com/advisories/50660 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/78774 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:42:31.900Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "55618", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55618" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830248" }, { "name": "RHSA-2012:1278", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "name": "RHSA-2012:1281", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "name": "50660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50660" }, { "name": "cumin-redhat-dos(78774)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78774" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in an image request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "55618", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/55618" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830248" }, { "name": "RHSA-2012:1278", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "name": "RHSA-2012:1281", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "name": "50660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50660" }, { "name": "cumin-redhat-dos(78774)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78774" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2685", "datePublished": "2012-09-28T17:00:00", "dateReserved": "2012-05-14T00:00:00", "dateUpdated": "2024-08-06T19:42:31.900Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2680
Vulnerability from cvelistv5
Published
2012-09-28 17:00
Modified
2024-08-06 19:42
Severity ?
EPSS score ?
Summary
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) "web pages," (2) "export functionality," and (3) "image viewing."
References
URL | Tags | |
---|---|---|
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=829421 | x_refsource_MISC | |
http://www.securityfocus.com/bid/55618 | vdb-entry, x_refsource_BID | |
http://rhn.redhat.com/errata/RHSA-2012-1278.html | vendor-advisory, x_refsource_REDHAT | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/78770 | vdb-entry, x_refsource_XF | |
http://rhn.redhat.com/errata/RHSA-2012-1281.html | vendor-advisory, x_refsource_REDHAT | |
http://secunia.com/advisories/50660 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:42:31.903Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=829421" }, { "name": "55618", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55618" }, { "name": "RHSA-2012:1278", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "name": "cumin-redhat-sec-bypass(78770)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78770" }, { "name": "RHSA-2012:1281", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "name": "50660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50660" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) \"web pages,\" (2) \"export functionality,\" and (3) \"image viewing.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=829421" }, { 
"name": "55618", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/55618" }, { "name": "RHSA-2012:1278", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "name": "cumin-redhat-sec-bypass(78770)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78770" }, { "name": "RHSA-2012:1281", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "name": "50660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50660" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2680", "datePublished": "2012-09-28T17:00:00", "dateReserved": "2012-05-14T00:00:00", "dateUpdated": "2024-08-06T19:42:31.903Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2684
Vulnerability from cvelistv5
Published
2012-09-28 17:00
Modified
2024-08-06 19:42
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id.
References
URL | Tags | |
---|---|---|
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830245 | x_refsource_MISC | |
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html | vendor-advisory, x_refsource_FEDORA | |
http://www.securityfocus.com/bid/55618 | vdb-entry, x_refsource_BID | |
http://rhn.redhat.com/errata/RHSA-2012-1278.html | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2012-1281.html | vendor-advisory, x_refsource_REDHAT | |
http://secunia.com/advisories/50660 | third-party-advisory, x_refsource_SECUNIA | |
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:42:31.884Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830245" }, { "name": "FEDORA-2012-17863", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html" }, { "name": "55618", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55618" }, { "name": "RHSA-2012:1278", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "name": "RHSA-2012:1281", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "name": "50660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50660" }, { "name": "FEDORA-2012-17854", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-11-23T20:12:41", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830245" }, { "name": "FEDORA-2012-17863", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html" }, { "name": "55618", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/55618" }, { "name": "RHSA-2012:1278", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" }, { "name": "RHSA-2012:1281", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" }, { "name": "50660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50660" }, { "name": "FEDORA-2012-17854", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2684", "datePublished": "2012-09-28T17:00:00", "dateReserved": "2012-05-14T00:00:00", "dateUpdated": "2024-08-06T19:42:31.884Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }