124 matches found
CVE-2017-17524
library/wwwbrowser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
Debian DSA-4023-1 : slurm-llnl - security update
Ryan Day discovered that the Simple Linux Utility for Resource Management SLURM, a cluster resource management and job scheduling system, does not properly handle SPANK environment variables, allowing a user permitted to submit jobs to execute code as root during the Prolog or Epilog. All systems...
[SECURITY] [DSA 4023-1] slurm-llnl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4023-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 07, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4023-1] slurm-llnl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4023-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 07, 2017 https://www.debian.org/security/faq -...
CVE-2017-15566
Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution...
CVE-2017-15566
Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution...
UBUNTU-CVE-2017-15566
Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution...
CVE-2017-15566
Removed by vendor...
Pharos: A Static Binary Analysis Framework
PenTestIT RSS Feed All of us know what static binary analysis means. It means that the analysis of the binary is performed without actually executing it. Almost two years ago, an open source framework - Pharos, was created by the Carnegie Mellon SEI, CERT Division in collaboration with the Lawren...
Debian DLA-921-1 : slurm-llnl security update
With this vulnerability arbitrary files can be overwritten on nodes running jobs provided that the user can run a job that is able to trigger a failure of a Prolog script. For Debian 7 'Wheezy', these problems have been fixed in version 2.3.4-2+deb7u1. We recommend that you upgrade your slurm-lln...
SLURM Prolog Security Bypass Vulnerability
Slurm is an open source and highly scalable cluster management and job scheduling system for large and small Linux clusters. A security bypass vulnerability exists in Slurm. An attacker can exploit this vulnerability to perform unauthorized operations bypassing security restrictions...
CVE-2016-10030
The prologerror function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an arbitrary file on th...
Design/Logic Flaw
The prologerror function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an arbitrary file on th...
UBUNTU-CVE-2016-10030
The prologerror function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an arbitrary file on th...
CVE-2016-10030
The prologerror function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an arbitrary file on th...
CVE-2016-10030
The prologerror function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an arbitrary file on th...
CVE-2016-10030
CVE-2016-10030 affects Slurm: the Prolog failure handling in slurmd/req.c can let a user influence an arbitrary file if they can cause or anticipate a Prolog script failure on a compute node. Affected versions span Slurm up to present in 0.6.0 onwards, with fixed ranges listed as: before 15.08.13...
CVE-2016-10030
Removed by vendor...
Gentoo Security Advisory GLSA 201312-05
Gentoo Linux Local Security Checks GLSA 201312-05 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
GLSA-201312-05 : SWI-Prolog : Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201312-05 SWI-Prolog : Multiple vulnerabilities Multiple vulnerabilities have been discovered in SWI-Prolog: An error in the canoniseFileName function could cause a stack-based buffer overflow CVE-2012-6089. An error in the expand...