16.05.8

DATE	CVE	VULNERABILITY TITLE	RISK
2022-05-05	CVE-2022-29500	SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. network low complexity schedmd fedoraproject debian	8.8
2022-05-05	CVE-2022-29501	SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. network low complexity schedmd fedoraproject debian	8.8
2021-05-13	CVE-2021-31215	SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling. network low complexity schedmd fedoraproject debian	8.8
2020-11-27	CVE-2020-27746	Race Condition vulnerability in multiple products Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem. network schedmd debian CWE-362	4.3
2020-11-27	CVE-2020-27745	Classic Buffer Overflow vulnerability in multiple products Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. network schedmd debian CWE-120	6.8
2020-01-13	CVE-2019-19728	Improper Privilege Management vulnerability in multiple products SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges. network schedmd opensuse debian CWE-269	6.0
2020-01-13	CVE-2019-19727	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions. local low complexity schedmd opensuse CWE-732	2.1
2019-01-31	CVE-2019-6438	SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems. network low complexity schedmd opensuse	7.5
2018-05-30	CVE-2018-10995	Improper Input Validation vulnerability in multiple products SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields). network low complexity schedmd debian CWE-20	5.0
2018-03-15	CVE-2018-7033	SQL Injection vulnerability in multiple products SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD. network low complexity schedmd debian CWE-89	7.5