Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Enterprise_mrg
(Redhat)| Repositories |
• https://github.com/torvalds/linux
• https://github.com/mjg59/linux |
| #Vulnerabilities | 74 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-07-30 | CVE-2017-7482 | In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation. | Debian_linux, Linux_kernel, Enterprise_mrg | 7.8 | ||
| 2010-12-07 | CVE-2010-4179 | The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be configured so that the MRG Management Console (cumin) can submit jobs for users, which creates a trusted channel with insufficient access control that allows local users with the ability to publish to a broker to run jobs as arbitrary users via Condor QMF plug-ins. | Enterprise_mrg | N/A | ||
| 2011-01-11 | CVE-2010-4526 | Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function. | Linux_kernel, Enterprise_mrg, Esx | N/A | ||
| 2011-10-10 | CVE-2011-2189 | net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd. | Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux, Enterprise_mrg | 7.5 | ||
| 2012-05-17 | CVE-2012-1097 | The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call. | Linux_kernel, Enterprise_linux, Enterprise_mrg, Linux_enterprise_desktop, Linux_enterprise_high_availability_extension, Linux_enterprise_server | 7.8 | ||
| 2012-05-24 | CVE-2011-2699 | The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets. | Linux_kernel, Enterprise_linux, Enterprise_mrg | 7.5 | ||
| 2012-09-28 | CVE-2012-2683 | Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) "error message displays" or (2) "in source HTML on certain pages." | Enterprise_mrg, Cumin | N/A | ||
| 2012-09-28 | CVE-2012-2734 | Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors. | Enterprise_mrg, Cumin | N/A | ||
| 2012-09-28 | CVE-2012-2735 | Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie. | Enterprise_mrg, Cumin | N/A | ||
| 2013-02-28 | CVE-2013-1773 | Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion. | Linux_kernel, Enterprise_linux, Enterprise_mrg | N/A |