DSA-4254-1 slurm-llnl -- slurm-llnl
ID: oval:org.secpod.oval:def:53379 | Date: (C)2019-06-14 (M)2023-04-27
Class: PATCH | Family: unix
Several vulnerabilities were discovered in the Simple Linux Utility for Resource Management, a cluster resource management and job scheduling system. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2018-7033: Incomplete sanitization of user-provided text strings could lead to SQL injection attacks against slurmdbd.

CVE-2018-10995: Insecure handling of user_name and gid fields leading to improper authentication handling.