Vulnerabilities > Schedmd > Slurm > 2.1.11.1

DATE CVE VULNERABILITY TITLE RISK
2022-05-05 CVE-2022-29500 SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure.
network
low complexity
schedmd fedoraproject debian
8.8
8.8
2022-05-05 CVE-2022-29501 SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution.
network
low complexity
schedmd fedoraproject debian
8.8
8.8
2021-05-13 CVE-2021-31215 SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.
network
low complexity
schedmd fedoraproject debian
8.8
8.8
2020-11-27 CVE-2020-27746 Race Condition vulnerability in multiple products
Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem.
network
high complexity
schedmd debian CWE-362
3.7
3.7
2020-11-27 CVE-2020-27745 Classic Buffer Overflow vulnerability in multiple products
Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.
network
low complexity
schedmd debian CWE-120
critical
 9.8
9.8
2020-01-13 CVE-2019-19728 Improper Privilege Management vulnerability in multiple products
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges.
network
high complexity
schedmd opensuse debian CWE-269
7.5
7.5
2020-01-13 CVE-2019-19727 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions.
local
low complexity
schedmd opensuse CWE-732
5.5
5.5
2018-05-30 CVE-2018-10995 Improper Input Validation vulnerability in multiple products
SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).
network
low complexity
schedmd debian CWE-20
5.3
5.3
2018-03-15 CVE-2018-7033 SQL Injection vulnerability in multiple products
SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD.
network
low complexity
schedmd debian CWE-89
critical
 9.8
9.8
2017-11-01 CVE-2017-15566 Untrusted Search Path vulnerability in Schedmd Slurm
Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution.
local
low complexity
schedmd CWE-426
7.8
7.8