Page 2 of 9 results (0.002 seconds)

CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0

Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user. Slurm versiones 19.05.x anteriores a la versión 19.05.7 y versiones 20.02.x anteriores a la versión 20.02.3, en el extraño caso en que Message Aggregation esté habilitada, permite una Omisión de Autenticación por medio de una ruta o canal alternativo. Una condición de carrera permite a un usuario iniciar un proceso como usuario arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00063.html https://lists.debian.org/debian-lts-announce/2022/01/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNL5E5SK4WP6M3DKU4IKW2NPQD2XTZ4Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3RGQB3EWDLOLTSPAJPPWZEPQK3O3AUH https://lists.schedmd.com/pipermail/slurm-announce/2020/000036.html •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions. SchedMD Slurm versiones anteriores a la versión 18.08.9 y versiones 19.x anteriores a la versión 19.05.5, posee permisos débiles de slurmdbd.conf. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00038.html https://bugzilla.suse.com/show_bug.cgi?id=1155784 https://lists.schedmd.com/pipermail/slurm-announce https://www.schedmd.com/news.php • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges. SchedMD Slurm versiones anteriores a la versión 18.08.9 y versiones 19.x anteriores a la versión 19.05.5, ejecuta srun --uid con privilegios incorrectos. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00038.html https://bugzilla.suse.com/show_bug.cgi?id=1159692 https://lists.schedmd.com/pipermail/slurm-announce https://www.debian.org/security/2021/dsa-4841 https://www.schedmd.com/news.php • CWE-269: Improper Privilege Management •

CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 0

SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. Slurm versiones 17.11.x, versiones 18.08.0 hasta 18.08.7, y versión 19.05.0 de SchedMD, permite la inyección SQL. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00038.html https://lists.debian.org/debian-lts-announce/2020/03/msg00016.html https://lists.debian.org/debian-lts-announce/2022/01/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2O47F72FWMYLEGF35QGNYY5VS33SUQS5 https://lists.fedoraproject.org • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •