164 matches found
Fedora 39 : slurm (2023-9a74d212f8)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-9a74d212f8 advisory. - Update to 22.05.11 - Closes CVE-2023-49933 through CVE-2023-49938 Tenable has extracted the preceding description block directly from the Fedora...
Authentication Bypass
libslurm.so is vulnerable to Authentication Bypass. The vulnerability is due to a message integrity bypass in slurmprotocolapi.c. An attacker can reuse root-level authentication tokens which allows an attacker to perform unauthorized actions...
SUSE CVE-2023-49933
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11,...
CVE-2023-49935
An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect agains...
DEBIAN-CVE-2023-49935
An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect agains...
DEBIAN-CVE-2023-49933
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11,...
Design/Logic Flaw
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11,...
UBUNTU-CVE-2023-49933
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11,...
SchedMD Slurm Security Vulnerability
SchedMD Slurm is an open source and highly scalable cluster management and job scheduling system for large and small Linux clusters from SchedMD, Inc. A security vulnerability exists in SchedMD Slurm that stems from improper message integrity enforcement during transmission in a communication...
CVE-2023-49933
CVE-2023-49933 affects SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. The vulnerability is described as Improper Enforcement of Message Integrity During Transmission in a communication channel, allowing an attacker to modify RPC traffic in a way that bypasses message hash checks. Affected versions ...
CVE-2023-49933
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11,...
CVE-2023-49935
An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect agains...
CVE-2023-49933
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11,...
PT-2023-8199 · Schedmd +2 · Slurm +2
Name of the Vulnerable Software and Affected Versions: SchedMD Slurm versions 22.05.x through 22.05.10 SchedMD Slurm versions 23.02.x through 23.02.6 SchedMD Slurm versions 23.11.x through 23.11.0 Description: The issue is related to the improper enforcement of message integrity during transmissi...
PT-2023-8198 · Schedmd +1 · Slurm +1
Name of the Vulnerable Software and Affected Versions: SchedMD Slurm versions 23.02.x through 23.02.6 SchedMD Slurm versions 23.11.x through 23.11.0 Description: The issue is related to incorrect access control due to a slurmd Message Integrity Bypass, allowing an attacker to reuse root-level...
CVE-2023-46445
A flaw was found in python-asyncssh before 2.14.1 versions, where the rogue extension negotiation process is unauthenticated and allows injecting an info message. This flaw allows an attacker to replace the original message, downgrading the algorithm used for client authentication, which affects...
kernel: virt/coco/sev-guest: Double-buffer messages
In the Linux kernel, the following vulnerability has been resolved: virt/coco/sev-guest: Double-buffer messages The encryption algorithms read and write directly to shared unencrypted memory, which may leak information as well as permit the host to tamper with the message integrity. Instead, copy...
CODESYS Development System Improper Enforcement of Message Integrity Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CODESYS Development System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the LearnMoreAction function. The issue results from a missing...
CVE-2023-2885
Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT Chatbot allows Adversary in the Middle AiTM. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...
CVE-2023-2885
Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT Chatbot allows Adversary in the Middle AiTM. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...