CVE-2018-7033
https://notcve.org/view.php?id=CVE-2018-7033
SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD.
• https://lists.debian.org/debian-lts-announce/2018/04/msg00032.html
• https://lists.debian.org/debian-lts-announce/2018/07/msg00029.html
• https://lists.schedmd.com/pipermail/slurm-announce/2018/000006.html
• https://www.debian.org/security/2018/dsa-4254
• https://www.schedmd.com/news.php?id=201
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-15566
https://notcve.org/view.php?id=CVE-2017-15566
Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution.
• http://www.securityfocus.com/bid/101675
• https://www.debian.org/security/2017/dsa-4023
• https://www.schedmd.com/news.php?id=193#OPT_193
• CWE-426: Untrusted Search Path