FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 10:45:39 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
b3e04661-2a0a-11e8-9e63-3085a9a47796	slurm-wlm -- SQL Injection attacks against SlurmDBD SchedMD reports: Several issues were discovered with incomplete sanitization of user-provided text strings, which could potentially lead to SQL injection attacks against SlurmDBD itself. Such exploits could lead to a loss of accounting data, or escalation of user privileges on the cluster. Discovery 2018-03-15 Entry 2018-03-17 slurm-wlm < 17.02.10 CVE-2018-7033 https://nvd.nist.gov/vuln/detail/CVE-2018-7033
76c2110b-9e97-11ee-ae23-a0f3c100ae18	slurm-wlm -- Several security issues Slurm releases notes: Description CVE-2023-49933 through CVE-2023-49938 Slurm versions 23.11.1, 23.02.7, 22.05.11 are now available and address a number of recently-discovered security issues. They've been assigned CVE-2023-49933 through CVE-2023-49938. Discovery 2023-11-29 Entry 2023-12-19 slurm-wlm < 23.11.1 CVE-2023-49933 CVE-2023-49934 CVE-2023-49935 CVE-2023-49936 CVE-2023-49937 CVE-2023-49938
3a66cb69-716f-11e8-be54-3085a9a47796	slurm -- insecure handling of user_name and gid fields SchedMD reports: Insecure handling of user_name and gid fields (CVE-2018-10995) While fixes are only available for the supported 17.02 and 17.11 releases, it is believed that similar vulnerabilities do affect past versions as well. The only resolution is to upgrade Slurm to a fixed release. Discovery 2018-05-30 Entry 2018-06-16 slurm-wlm < 17.02.11 https://lists.schedmd.com/pipermail/slurm-announce/2018/000008.html

VuXML ID

Description

b3e04661-2a0a-11e8-9e63-3085a9a47796

slurm-wlm -- SQL Injection attacks against SlurmDBD

SchedMD reports:

Several issues were discovered with incomplete sanitization of user-provided text strings, which could potentially lead to SQL injection attacks against SlurmDBD itself. Such exploits could lead to a loss of accounting data, or escalation of user privileges on the cluster.

Discovery 2018-03-15
Entry 2018-03-17
slurm-wlm

< 17.02.10

CVE-2018-7033
https://nvd.nist.gov/vuln/detail/CVE-2018-7033

76c2110b-9e97-11ee-ae23-a0f3c100ae18

slurm-wlm -- Several security issues

Slurm releases notes:

Description

CVE-2023-49933 through CVE-2023-49938

Slurm versions 23.11.1, 23.02.7, 22.05.11 are now available and address a number of recently-discovered security issues. They've been assigned CVE-2023-49933 through CVE-2023-49938.

Discovery 2023-11-29
Entry 2023-12-19
slurm-wlm

< 23.11.1

CVE-2023-49933
CVE-2023-49934
CVE-2023-49935
CVE-2023-49936
CVE-2023-49937
CVE-2023-49938

3a66cb69-716f-11e8-be54-3085a9a47796

slurm -- insecure handling of user_name and gid fields

SchedMD reports:

Insecure handling of user_name and gid fields (CVE-2018-10995)

While fixes are only available for the supported 17.02 and 17.11 releases, it is believed that similar vulnerabilities do affect past versions as well. The only resolution is to upgrade Slurm to a fixed release.

Discovery 2018-05-30
Entry 2018-06-16
slurm-wlm

< 17.02.11

https://lists.schedmd.com/pipermail/slurm-announce/2018/000008.html