U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:schedmd:slurm:17.11.0.1:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 10 matching records.
Displaying matches 1 through 10.
Vuln ID Summary CVSS Severity
CVE-2022-29501

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution.

Published: May 05, 2022; 1:15:15 PM -0400
V3.1: 8.8 HIGH
V2.0: 9.0 HIGH
CVE-2022-29500

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure.

Published: May 05, 2022; 1:15:15 PM -0400
V3.1: 8.8 HIGH
V2.0: 9.0 HIGH
CVE-2021-31215

SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.

Published: May 13, 2021; 2:15:07 AM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-27746

Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem.

Published: November 27, 2020; 1:15:11 PM -0500
V3.1: 3.7 LOW
V2.0: 4.3 MEDIUM
CVE-2020-27745

Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.

Published: November 27, 2020; 12:15:11 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 6.8 MEDIUM
CVE-2019-19728

SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges.

Published: January 13, 2020; 2:15:12 PM -0500
V3.1: 7.5 HIGH
V2.0: 6.0 MEDIUM
CVE-2019-19727

SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions.

Published: January 13, 2020; 2:15:12 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2019-12838

SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection.

Published: July 11, 2019; 9:15:10 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-10995

SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).

Published: May 30, 2018; 4:29:00 PM -0400
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2018-7033

SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD.

Published: March 15, 2018; 6:29:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH