CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-43337
https://notcve.org/view.php?id=CVE-2021-43337
SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users to request job scripts and environment files to which they should not have access. SchedMD Slurm versiones 21.08.* anteriores a 21.08.4, presenta un Control de Acceso Incorrecto. En los sitios que usan las nuevas opciones AccountingStoreFlags=job_script y/o job_env, las reglas de control de acceso en SlurmDBD pueden permitir a usuarios solicitar scripts de trabajo y archivos de entorno a los que no deberían tener acceso • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VY34WSSPRPA6MISNYBZWHSGX2SYSEEE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DUWNGDQTS7AWFI7FIHUWQOYJSD2IQTCG https://lists.schedmd.com/pipermail/slurm-announce https://lists.schedmd.com/pipermail/slurm-announce/2021/000068.html https://www.schedmd.com/news.php https://www.schedmd.com/news.php?id=256 •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-31215
https://notcve.org/view.php?id=CVE-2021-31215
SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling. SchedMD Slurm versiones anteriores a 20.02.7 y versiones 20.03.xa 20.11.x anteriores a 20.11.7, permite una ejecución de código remota como SlurmUser porque el uso de un script PrologSlurmctld o EpilogSlurmctld conlleva a un manejo inapropiado del entorno • https://lists.debian.org/debian-lts-announce/2022/01/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ODMJQNY4FAV7G3DSKVIO5KY7Q7DKBPU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRHTASFAU5FNB2MJOG67YID2ONQS5MCQ https://lists.schedmd.com/pipermail/slurm-announce/2021/000055.html https://www.schedmd.com/news.php?id=248#OPT_248 •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-27746
https://notcve.org/view.php?id=CVE-2020-27746
Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem. Slurm versiones anteriores a 19.05.8 y versiones 20.x anteriores a 20.02.6, expone información confidencial a un actor no autorizado porque xauth para las cookies mágicas X11 está afectado por una condición de carrera en una operación de lectura en el sistema de archivos /proc • https://www.debian.org/security/2021/dsa-4841 https://www.schedmd.com/news.php • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-27745
https://notcve.org/view.php?id=CVE-2020-27745
Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. Slurm versiones anteriores a 19.05.8 y versiones 20.x anteriores a 20.02.6, presenta un Desbordamiento del Búfer RPC en el plugin PMIx MPI • https://lists.debian.org/debian-lts-announce/2022/01/msg00011.html https://www.debian.org/security/2021/dsa-4841 https://www.schedmd.com/news.php • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0CVE-2020-12693
https://notcve.org/view.php?id=CVE-2020-12693
Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user. Slurm versiones 19.05.x anteriores a la versión 19.05.7 y versiones 20.02.x anteriores a la versión 20.02.3, en el extraño caso en que Message Aggregation esté habilitada, permite una Omisión de Autenticación por medio de una ruta o canal alternativo. Una condición de carrera permite a un usuario iniciar un proceso como usuario arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00063.html https://lists.debian.org/debian-lts-announce/2022/01/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNL5E5SK4WP6M3DKU4IKW2NPQD2XTZ4Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3RGQB3EWDLOLTSPAJPPWZEPQK3O3AUH https://lists.schedmd.com/pipermail/slurm-announce/2020/000036.html •