CVSS: 9.0 • EPSS: 0% • CPEs: 6 • EXPL: 0

05 May 2022 — SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. It was discovered that Slurm did not properly handle credential management, which could allow an unprivileged user to impersonate the SlurmUser account. An attacker could possibly use this issue to execute arbitrary code as the root user. It was discovered that Slurm did n... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXLOI3ERTKMZR2KWNRN7OR5S55VPWENH •

CVSS: 9.0 • EPSS: 1% • CPEs: 6 • EXPL: 0

05 May 2022 — SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. It was discovered that Slurm did not properly handle credential management, which could allow an unprivileged user to impersonate the SlurmUser account. An attacker could possibly use this issue to execute arbitrary code as the root... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXLOI3ERTKMZR2KWNRN7OR5S55VPWENH •

CVSS: 8.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

13 May 2021 — SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling. USN-4781-1 fixed several vulnerabilities in Slurm... • https://lists.debian.org/debian-lts-announce/2022/01/msg00011.html •

CVSS: 4.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

27 Nov 2020 — Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem. USN-4781-1 fixed seve... • https://www.debian.org/security/2021/dsa-4841 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 9.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

27 Nov 2020 — Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. USN-4781-1 fixed several vulnerabilities in Slurm. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Slurm incorrectly handled certain messages between the daemon and the user. An attacker could possibly use this i... • https://lists.debian.org/debian-lts-announce/2022/01/msg00011.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 8.1 • EPSS: 0% • CPEs: 8 • EXPL: 0

21 May 2020 — Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user. ... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00035.html •

CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

13 Jan 2020 — SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00038.html • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

13 Jan 2020 — SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges. Multiple security issues were discovered in the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system, which could result in denial of service, information disclosure or privilege escalation. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00038.html • CWE-269: Improper Privilege Management •

CVSS: 9.8 • EPSS: 4% • CPEs: 10 • EXPL: 0

11 Jul 2019 — SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. It was discovered that the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system, did not escape strings when importing an archive file into the accounting_storage/mysql backend, resulting in SQL injection. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00005.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

31 Jan 2019 — SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems. USN-4781-1 fixed several vulnerabilities in Slurm. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Slurm incorrectly handled certain messages between the daemon and the user. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00090.html •