| Max CVSS | 7.5 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2012-2734 | 6.8 |
Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execu
|
13-02-2023 - 04:33 | 28-09-2012 - 17:55 | |
| CVE-2012-2735 | 4.9 |
Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie.
|
13-02-2023 - 04:33 | 28-09-2012 - 17:55 | |
| CVE-2012-2683 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1)
|
13-02-2023 - 00:25 | 28-09-2012 - 17:55 | |
| CVE-2012-2681 | 5.8 |
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key.
|
29-08-2017 - 01:31 | 28-09-2012 - 17:55 | |
| CVE-2012-2685 | 4.0 |
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in an image request.
|
29-08-2017 - 01:31 | 28-09-2012 - 17:55 | |
| CVE-2012-2680 | 5.0 |
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) "web pa
|
29-08-2017 - 01:31 | 28-09-2012 - 17:55 | |
| CVE-2012-3459 | 4.9 |
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which
|
25-11-2013 - 04:26 | 28-09-2012 - 17:55 | |
| CVE-2012-2684 | 7.5 |
Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (
|
25-11-2013 - 04:25 | 28-09-2012 - 17:55 | |
| CVE-2012-3491 | 4.0 |
src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors.
|
03-10-2012 - 04:00 | 28-09-2012 - 17:55 | |
| CVE-2012-3493 | 5.8 |
The command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the
|
03-10-2012 - 04:00 | 28-09-2012 - 17:55 | |
| CVE-2012-3492 | 6.4 |
The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by renaming a u
|
03-10-2012 - 04:00 | 28-09-2012 - 17:55 |