Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Enterprise_mrg
(Redhat)| Repositories |
• https://github.com/torvalds/linux
• https://github.com/mjg59/linux |
| #Vulnerabilities | 74 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2012-09-28 | CVE-2012-2734 | Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors. | Enterprise_mrg, Cumin | N/A | ||
| 2012-09-28 | CVE-2012-2735 | Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie. | Enterprise_mrg, Cumin | N/A | ||
| 2013-02-28 | CVE-2013-1773 | Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion. | Linux_kernel, Enterprise_linux, Enterprise_mrg | N/A | ||
| 2013-02-28 | CVE-2013-1774 | The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. | Linux_kernel, Enterprise_linux, Enterprise_mrg | N/A | ||
| 2013-03-14 | CVE-2012-4462 | aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, when removing a job, allows remote attackers to cause a denial of service (condor_schedd restart) via square brackets in the cproc option. | Condor, Enterprise_mrg | N/A | ||
| 2013-04-29 | CVE-2013-2015 | The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test. | Linux_kernel, Enterprise_linux, Enterprise_mrg | N/A | ||
| 2013-10-01 | CVE-2013-1892 | MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument. | Mongodb, Enterprise_mrg | N/A | ||
| 2013-10-10 | CVE-2013-4345 | Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. | Fedora, Linux_kernel, Enterprise_linux, Enterprise_mrg | N/A | ||
| 2013-12-23 | CVE-2013-4405 | Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for unspecified requests. | Enterprise_mrg | N/A | ||
| 2013-12-23 | CVE-2013-4414 | Cross-site scripting (XSS) vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to inject arbitrary web script or HTML via the "Max allowance" field in the "Set limit" form. | Enterprise_mrg | N/A |