30 matches found
PT-2026-46260
An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When ssl ca file is configured, the driver enables certificate chain validation but does not pass the...
USN-8197-1: Slurm vulnerability
It was discovered that Slurm did not properly handle access control when dealing with RPC traffic through PMI2 and PMIx, which could allow an unprivileged user to send data to an arbitrary unix socket on the host. An attacker could possibly use this issue to execute arbitrary code as the root use...
GHSA-6P6V-M64V-JX8Q Apache Spark has Inadequate Encryption Strength
This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true it is set to false by default, but...
EUVD-2025-34531
This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true it is set to false by default, but...
EUVD-2000-0765
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2023-49933
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communicatio...
SUSE SLES12 Security Update : slurm (SUSE-SU-2024:0315-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0315-1 advisory. - An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During...
SUSE SLES15 / openSUSE 15 Security Update : slurm_22_05 (SUSE-SU-2024:0283-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0283-1 advisory. - An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity Duri...
openSUSE 15 Security Update : slurm_20_02 (SUSE-SU-2024:0278-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0278-1 advisory. - An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a...
Fedora 38 : slurm (2023-540de58d84)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-540de58d84 advisory. - Update to 22.05.11 - Closes CVE-2023-49933 through CVE-2023-49938 Tenable has extracted the preceding description block directly from the Fedora...
Improper Input Validation
libslurm.so is vulnerable to Improper Input Validation. The vulnerability exists due to the lack of length checks for the message size in slurmprotocolapi.c, which allows an attacker to modify RPC traffic in a way that bypasses message hash checks, leading to message extension attacks...
SUSE CVE-2023-49933
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11,...
DEBIAN-CVE-2023-49933
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11,...
Design/Logic Flaw
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11,...
CVE-2023-49933
CVE-2023-49933 affects SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. The vulnerability is described as Improper Enforcement of Message Integrity During Transmission in a communication channel, allowing an attacker to modify RPC traffic in a way that bypasses message hash checks. Affected versions ...
CVE-2023-49933
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11,...
CVE-2023-49933
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11,...
CVE-2023-49933
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11,...
USN-6458-1: Slurm vulnerabilities
It was discovered that Slurm did not properly handle credential management, which could allow an unprivileged user to impersonate the SlurmUser account. An attacker could possibly use this issue to execute arbitrary code as the root user. CVE-2022-29500 It was discovered that Slurm did not proper...
CVE-2020-29487
An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstore keys provide feedback from the guest, and are therefore watched by toolstack. Specifically, keys are watched by xenopsd, and data are forwarded via RPC through message-switch to xapi. The watching logic in xenopsd sends one R...