RSS   Podatności dla 'Slurm'   RSS

2022-05-05
 
CVE-2022-29500

CWE-287
 

 
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure.

 
 
CVE-2022-29501

NVD-CWE-noinfo
 

 
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution.

 
 
CVE-2022-29502

NVD-CWE-noinfo
 

 
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges.

 
2021-11-17
 
CVE-2021-43337

CWE-863
 

 
SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users to request job scripts and environment files to which they should not have access.

 
2021-05-13
 
CVE-2021-31215

NVD-CWE-noinfo
 

 
SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.

 
2020-11-27
 
CVE-2020-27746

CWE-922
 

 
Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem.

 
 
CVE-2020-27745

CWE-120
 

 
Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.

 
2020-05-21
 
CVE-2020-12693

NVD-CWE-Other
 

 
Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user.

 
2020-01-13
 
CVE-2019-19728

CWE-269
 

 
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges.

 
 
CVE-2019-19727

CWE-732
 

 
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions.

 


Copyright 2022, cxsecurity.com

 

Back to Top