Total
73 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-5005 | 2 Apache, Redhat | 2 Qpid, Enterprise Mrg | 2021-07-15 | 5.0 MEDIUM | N/A |
| The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data. | |||||
| CVE-2009-4133 | 2 Condor Project, Redhat | 2 Condor, Enterprise Mrg | 2021-07-15 | 6.5 MEDIUM | N/A |
| Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute. | |||||
| CVE-2009-5006 | 2 Apache, Redhat | 2 Qpid, Enterprise Mrg | 2021-07-15 | 4.0 MEDIUM | N/A |
| The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange. | |||||
| CVE-2010-3083 | 2 Apache, Redhat | 2 Qpid, Enterprise Mrg | 2021-07-15 | 4.3 MEDIUM | N/A |
| sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake. | |||||
| CVE-2010-3701 | 1 Redhat | 1 Enterprise Mrg | 2021-07-15 | 4.0 MEDIUM | N/A |
| lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows remote authenticated users to cause a denial of service (stack memory exhaustion and broker crash) via a large persistent message. | |||||
| CVE-2012-3459 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2021-07-15 | 4.9 MEDIUM | N/A |
| Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor. | |||||
| CVE-2020-12826 | 3 Canonical, Linux, Redhat | 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more | 2021-07-15 | 4.4 MEDIUM | 5.3 MEDIUM |
| A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat. | |||||
| CVE-2012-6685 | 2 Nokogiri, Redhat | 8 Nokogiri, Cloudforms Management Engine, Enterprise Mrg and 5 more | 2021-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| Nokogiri before 1.5.4 is vulnerable to XXE attacks | |||||
| CVE-2012-2685 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2021-07-15 | 4.0 MEDIUM | N/A |
| Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in an image request. | |||||
| CVE-2013-4255 | 2 Condor Project, Redhat | 2 Condor, Enterprise Mrg | 2021-07-15 | 3.5 LOW | N/A |
| The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job. | |||||
| CVE-2013-2164 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2021-07-15 | 2.1 LOW | N/A |
| The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. | |||||
| CVE-2012-1090 | 3 Linux, Redhat, Suse | 5 Linux Kernel, Enterprise Mrg, Linux Enterprise Desktop and 2 more | 2021-07-15 | 4.9 MEDIUM | 5.5 MEDIUM |
| The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO. | |||||
| CVE-2015-1350 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2021-07-15 | 2.1 LOW | 5.5 MEDIUM |
| The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. | |||||
| CVE-2017-15128 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2021-07-15 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG). | |||||
| CVE-2014-3917 | 3 Linux, Redhat, Suse | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2021-07-15 | 3.3 LOW | N/A |
| kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. | |||||
| CVE-2015-7837 | 1 Redhat | 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server Aus and 3 more | 2021-07-15 | 2.1 LOW | 5.5 MEDIUM |
| The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot. | |||||
| CVE-2012-2680 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2021-07-15 | 5.0 MEDIUM | N/A |
| Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) "web pages," (2) "export functionality," and (3) "image viewing." | |||||
| CVE-2014-8181 | 1 Redhat | 2 Enterprise Linux, Enterprise Mrg | 2021-07-15 | 2.1 LOW | 5.5 MEDIUM |
| The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace. | |||||
| CVE-2012-2684 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2021-07-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id. | |||||
| CVE-2013-1909 | 2 Apache, Redhat | 2 Qpid, Enterprise Mrg | 2021-07-15 | 5.8 MEDIUM | N/A |
| The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||