Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
668
VMScore

CVE-2019-12838

Published: 11/07/2019 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Slurm

Vulnerability Summary

SchedMD Slurm 17.11.x, 18.08.0 up to and including 18.08.7, and 19.05.0 allows SQL Injection.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

schedmd slurm

schedmd slurm 19.05.0

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

fedoraproject fedora 29

fedoraproject fedora 30

opensuse leap 15.0

opensuse leap 15.1

Vendor Advisories

Debian CVElist Bug Report Logs: slurm-llnl: CVE-2019-12838
Debian Bug report logs - #931880 slurm-llnl: CVE-2019-12838 Package: src:slurm-llnl; Maintainer for src:slurm-llnl is Debian HPC Team <debian-hpc@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 11 Jul 2019 20:09:01 UTC Severity: grave Tags: security, upstream Found in versions slu ...
Debian Security Advisories: DSA-4572-1 slurm-llnl -- security update
It was discovered that the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system, did not escape strings when importing an archive file into the accounting_storage/mysql backend, resulting in SQL injection For the stable distribution (buster), this problem has been fixed in version 180852- ...

References

CWE-89https://www.schedmd.com/news.phphttps://lists.schedmd.com/pipermail/slurm-announce/2019/https://www.schedmd.com/news.php?id=218https://lists.schedmd.com/pipermail/slurm-announce/2019/000025.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-09/msg00005.htmlhttps://seclists.org/bugtraq/2019/Nov/30https://www.debian.org/security/2019/dsa-4572http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00051.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00038.htmlhttps://lists.debian.org/debian-lts-announce/2020/03/msg00016.htmlhttps://lists.debian.org/debian-lts-announce/2022/01/msg00011.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQ6EV3OWKGMTBWCSXZGS4MYADUBLVXSQ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2O47F72FWMYLEGF35QGNYY5VS33SUQS5/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931880https://nvd.nist.govhttps://www.debian.org/security/2019/dsa-4572
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook