Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Enterprise_mrg
(Redhat)Repositories |
• https://github.com/torvalds/linux
• https://github.com/mjg59/linux |
#Vulnerabilities | 74 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2013-12-23 | CVE-2013-4461 | SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator." | Enterprise_mrg | N/A | ||
2014-06-05 | CVE-2014-3917 | kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. | Linux_kernel, Enterprise_linux, Enterprise_mrg, Linux_enterprise_desktop | N/A | ||
2014-04-30 | CVE-2013-6445 | Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via a brute-force attack. | Enterprise_mrg | N/A | ||
2014-06-05 | CVE-2014-3940 | The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c. | Linux_kernel, Enterprise_linux, Enterprise_mrg | N/A | ||
2014-07-11 | CVE-2014-0174 | Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | Enterprise_mrg | N/A | ||
2014-07-19 | CVE-2012-2682 | Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service (inaccessible page) via a non-ASCII character in the name of a link. | Enterprise_mrg | N/A | ||
2017-09-19 | CVE-2015-7837 | The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot. | Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server_aus, Enterprise_linux_workstation, Enterprise_mrg, Kernel\-Rt | 5.5 | ||
2019-11-05 | CVE-2013-6460 | Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents | Debian_linux, Nokogiri, Cloudforms_management_engine, Enterprise_mrg, Openstack, Satellite, Subscription_asset_manager | 6.5 | ||
2019-11-05 | CVE-2013-6461 | Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits | Debian_linux, Nokogiri, Cloudforms_management_engine, Enterprise_mrg, Openstack, Satellite, Subscription_asset_manager | N/A | ||
2016-05-02 | CVE-2015-1350 | The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. | Linux_kernel, Enterprise_linux, Enterprise_mrg | N/A |