83 matches found
CVE-2022-28620
A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System Solutions; HPE Slingshot; and HPE Cray EX supercomputers versions: Prior to node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware...
CVE-2022-28620
A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System Solutions; HPE Slingshot; and HPE Cray EX supercomputers versions: Prior to node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware...
Authentication flaw
A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System Solutions; HPE Slingshot; and HPE Cray EX supercomputers versions: Prior to node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware...
CVE-2022-28620
A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System Solutions; HPE Slingshot; and HPE Cray EX supercomputers versions: Prior to node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware...
CVE-2022-28620
CVE-2022-28620 is a remote authentication bypass affecting HPE Cray Legacy Shasta System Solutions, HPE Slingshot, and HPE Cray EX supercomputers. Affected firmware/versions include: node controller firmware for HPE Cray EX liquid-cooled blades; chassis controller firmware in HPE Cray EX liquid-c...
PT-2022-19108 · Hewlett Packard · Hpe Cray Ex Supercomputers +2
Name of the Vulnerable Software and Affected Versions: HPE Cray Legacy Shasta System Solutions versions prior to node controller firmware associated with HPE Cray EX liquid cooled blades HPE Slingshot versions prior to 1.7.2 HPE Cray EX supercomputers versions prior to 1.6.27/1.5.33/1.4.27...
HPE Cray Legacy Shasta 授权问题漏洞
HPE Cray Legacy Shasta is a supercomputer from Wise and Technology HPE. It can handle the new large-scale convergent modeling that is currently available. A security vulnerability exists in the HPE Cray Legacy Shasta that can be remotely exploited by an attacker to allow bypassing authentication,...
openSUSE Security Update : slurm (openSUSE-2019-521)
This update for slurm to version 17.11.7 fixes the following issues : This security issue was fixed : - CVE-2018-10995: Ensure correct handling of user names and group ids bsc1095508. These non-security issues were fixed : - CRAY - Add slurmsmwd to the contribs/cray dir - PMIX - Added the direct...
SUSE SLES12 Security Update : slurm (SUSE-SU-2017:3311-1)
This update for slurm fixes the following issues: Slurm was updated to 17.02.9 to fix a security bug, bringing new features and bugfixes fate323998 bsc1067580. Security issue fixed : - CVE-2017-15566: Fix security issue in Prolog and Epilog by always prepending SPANK to all user-set environment...
openSUSE Security Update : slurm (openSUSE-2018-729)
This update for slurm to version 17.11.7 fixes the following issues : This security issue was fixed : - CVE-2018-10995: Ensure correct handling of user names and group ids bsc1095508. These non-security issues were fixed : - CRAY - Add slurmsmwd to the contribs/cray dir - PMIX - Added the direct...
Security update for slurm (moderate)
This update for slurm to version 17.11.7 fixes the following issues: This security issue was fixed: - CVE-2018-10995: Ensure correct handling of user names and group ids bsc1095508. These non-security issues were fixed: - CRAY - Add slurmsmwd to the contribs/cray dir - PMIX - Added the direct...
CVE-2014-0748
apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP00 does not use alpsauth data to validate the UID in a launch message, which allows local users to gain privileges via a modified aprun program, aka ID FN5912...
Code injection
apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP00 does not use alpsauth data to validate the UID in a launch message, which allows local users to gain privileges via a modified aprun program, aka ID FN5912...
CVE-2014-0748
apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP00 does not use alpsauth data to validate the UID in a launch message, which allows local users to gain privileges via a modified aprun program, aka ID FN5912...
CVE-2014-0748
CVE-2014-0748 affects Cray Aprun/Apinit on Cray supercomputers. The issue arises from the apinit service not validating the UID in launch messages received via aprun against the ALPS-authenticated UID, allowing a local user to escalate privileges to root on a compute node. Affected versions were ...
Cray UNICOS /usr/bin/script Command Line Argument Local Overflow
No description provided by source. source: http://www.securityfocus.com/bid/16205/info Cray UNICOS is prone to locally exploitable buffer overflow vulnerabilities. These issues are due to insufficient bounds checking of command line parameters in various utilities with setuid-superuser privileges...
Cray UNICOS /etc/nu -c Option Filename Processing Local Overflow
No description provided by source. source: http://www.securityfocus.com/bid/16205/info Cray UNICOS is prone to locally exploitable buffer overflow vulnerabilities. These issues are due to insufficient bounds checking of command line parameters in various utilities with setuid-superuser privileges...
Cray supercomputers privilege escalation
root privileges escalation via aprun/apinit...
[mwrlabs advisory][CVE-2014-0748] Cray Aprun/Apinit Privilege Escalation
Cray Aprun/Apinit Privilege Escalation ====================================== MWR have identified a vulnerability which allows users to escalate their privileges to root on Cray supercomputers. This advisory details the vulnerability and the patches which Cray customers can apply in order to...
Cray Aprun / Apinit Privilege Escalation
Cray Aprun/Apinit Privilege Escalation ====================================== MWR have identified a vulnerability which allows users to escalate their privileges to root on Cray supercomputers. This advisory details the vulnerability and the patches which Cray customers can apply in order to...