Vulnerabilities > Schedmd > Slurm > 16.05.2.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-05 | CVE-2022-29500 | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. | 8.8 |
| 2022-05-05 | CVE-2022-29501 | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. | 8.8 |
| 2021-05-13 | CVE-2021-31215 | SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling. | 8.8 |
| 2020-11-27 | CVE-2020-27746 | Race Condition vulnerability in multiple products Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem. | 4.3 |
| 2020-11-27 | CVE-2020-27745 | Classic Buffer Overflow vulnerability in multiple products Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. | 6.8 |
| 2020-01-13 | CVE-2019-19728 | Improper Privilege Management vulnerability in multiple products SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges. | 6.0 |
| 2020-01-13 | CVE-2019-19727 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions. | 2.1 |
| 2018-05-30 | CVE-2018-10995 | Improper Input Validation vulnerability in multiple products SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields). | 5.0 |
| 2018-03-15 | CVE-2018-7033 | SQL Injection vulnerability in multiple products SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD. | 7.5 |
| 2017-11-01 | CVE-2017-15566 | Untrusted Search Path vulnerability in Schedmd Slurm Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution. | 7.2 |