Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Mrg
Subscriptions
Total
612 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-4446 | 2 Apache, Redhat | 2 Qpid, Enterprise Mrg | 2024-11-21 | N/A |
The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request. | ||||
CVE-2012-4398 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2024-11-21 | N/A |
The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service (memory consumption) via a crafted application. | ||||
CVE-2012-3520 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Mrg | 2024-11-21 | N/A |
The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager. | ||||
CVE-2012-3511 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2024-11-21 | N/A |
Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call. | ||||
CVE-2012-3493 | 2 Condor Project, Redhat | 2 Condor, Enterprise Mrg | 2024-11-21 | N/A |
The command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the condor_startd port, which leaks the ClaimId. | ||||
CVE-2012-3492 | 2 Condor Project, Redhat | 2 Condor, Enterprise Mrg | 2024-11-21 | N/A |
The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by renaming a user's authentication directory. | ||||
CVE-2012-3491 | 2 Condor Project, Redhat | 2 Condor, Enterprise Mrg | 2024-11-21 | N/A |
src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors. | ||||
CVE-2012-3467 | 2 Apache, Redhat | 2 Qpid, Enterprise Mrg | 2024-11-21 | N/A |
Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication. | ||||
CVE-2012-3460 | 1 Redhat | 1 Enterprise Mrg | 2024-11-21 | 9.8 Critical |
cumin: At installation postgresql database user created without password | ||||
CVE-2012-3459 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2024-11-21 | N/A |
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor. | ||||
CVE-2012-3430 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2024-11-21 | N/A |
The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. | ||||
CVE-2012-3416 | 2 Condor Project, Redhat | 2 Condor, Enterprise Mrg | 2024-11-21 | N/A |
Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname. | ||||
CVE-2012-3400 | 3 Canonical, Linux, Redhat | 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more | 2024-11-21 | N/A |
Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem. | ||||
CVE-2012-3375 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2024-11-21 | N/A |
The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083. | ||||
CVE-2012-2735 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2024-11-21 | N/A |
Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie. | ||||
CVE-2012-2734 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2024-11-21 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors. | ||||
CVE-2012-2685 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2024-11-21 | N/A |
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in an image request. | ||||
CVE-2012-2684 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2024-11-21 | N/A |
Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id. | ||||
CVE-2012-2683 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) "error message displays" or (2) "in source HTML on certain pages." | ||||
CVE-2012-2682 | 1 Redhat | 1 Enterprise Mrg | 2024-11-21 | N/A |
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service (inaccessible page) via a non-ASCII character in the name of a link. |