CVE-2019-19727
https://notcve.org/view.php?id=CVE-2019-19727
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions. SchedMD Slurm versiones anteriores a la versión 18.08.9 y versiones 19.x anteriores a la versión 19.05.5, posee permisos débiles de slurmdbd.conf. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00038.html https://bugzilla.suse.com/show_bug.cgi?id=1155784 https://lists.schedmd.com/pipermail/slurm-announce https://www.schedmd.com/news.php • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2019-19728
https://notcve.org/view.php?id=CVE-2019-19728
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges. SchedMD Slurm versiones anteriores a la versión 18.08.9 y versiones 19.x anteriores a la versión 19.05.5, ejecuta srun --uid con privilegios incorrectos. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00038.html https://bugzilla.suse.com/show_bug.cgi?id=1159692 https://lists.schedmd.com/pipermail/slurm-announce https://www.debian.org/security/2021/dsa-4841 https://www.schedmd.com/news.php • CWE-269: Improper Privilege Management •
CVE-2019-12838
https://notcve.org/view.php?id=CVE-2019-12838
SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. Slurm versiones 17.11.x, versiones 18.08.0 hasta 18.08.7, y versión 19.05.0 de SchedMD, permite la inyección SQL. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00038.html https://lists.debian.org/debian-lts-announce/2020/03/msg00016.html https://lists.debian.org/debian-lts-announce/2022/01/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2O47F72FWMYLEGF35QGNYY5VS33SUQS5 https://lists.fedoraproject.org • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2019-6438
https://notcve.org/view.php?id=CVE-2019-6438
SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems. SchedMD Slurm, en versiones anteriores a la 17.11.13 y 18.x en versiones anteriores a la 18.08.5, gestiona de manera incorrecta los sistemas de 32 bits. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00090.html https://lists.debian.org/debian-lts-announce/2020/03/msg00016.html https://lists.schedmd.com/pipermail/slurm-announce/2019/000018.html https://www.schedmd.com/news.php?id=213 •
CVE-2018-10995
https://notcve.org/view.php?id=CVE-2018-10995
SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields). SchedMD Slurm en versiones anteriores a la 17.02.11 y versiones 17.1x.x anteriores a la 17.11.7 gestiona de manera incorrecta los nombres de usuario (también conocidos como campos user_name) y los ID de grupo (también conocidos como campos gid). • https://lists.debian.org/debian-lts-announce/2018/07/msg00029.html https://lists.debian.org/debian-lts-announce/2018/08/msg00008.html https://lists.schedmd.com/pipermail/slurm-announce/2018/000008.html https://www.debian.org/security/2018/dsa-4254 https://www.schedmd.com/news.php?id=203 • CWE-20: Improper Input Validation •