Vulnerabilities > Redhat > Enterprise MRG > Medium

DATE CVE VULNERABILITY TITLE RISK
2012-09-28 CVE-2012-3459 Permissions, Privileges, and Access Controls vulnerability in multiple products
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor.
4.9
2012-09-28 CVE-2012-2685 Resource Management Errors vulnerability in multiple products
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in an image request.
network
low complexity
trevor-mckay redhat CWE-399
4.0
2012-09-28 CVE-2012-2681 Cryptographic Issues vulnerability in multiple products
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key.
5.8
2012-09-28 CVE-2012-2680 Permissions, Privileges, and Access Controls vulnerability in multiple products
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) "web pages," (2) "export functionality," and (3) "image viewing."
network
low complexity
trevor-mckay redhat CWE-264
5.0
2012-05-17 CVE-2012-1090 Improper Input Validation vulnerability in multiple products
The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO.
local
low complexity
linux redhat suse CWE-20
4.9
2011-09-20 CVE-2011-2925 Improper Authentication vulnerability in Red Hat Enterprise MRG 2.0
Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker.
local
low complexity
redhat CWE-287
4.6
2010-10-18 CVE-2009-5006 The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
network
low complexity
apache redhat
4.0
2010-10-18 CVE-2009-5005 The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
network
low complexity
apache redhat
5.0
2010-10-12 CVE-2010-3701 Resource Management Errors vulnerability in Red Hat Enterprise MRG
lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows remote authenticated users to cause a denial of service (stack memory exhaustion and broker crash) via a large persistent message.
network
low complexity
redhat CWE-399
4.0
2010-10-12 CVE-2010-3083 sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
network
apache redhat
4.3