VYPR

rpm package

opensuse/slurm&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/slurm&distro=openSUSE%20Tumbleweed

Vulnerabilities (14)

  • CVE-2025-43904MedJan 16, 2026
    affected < 24.11.5-1.1fixed 24.11.5-1.1

    In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator.

  • CVE-2024-48936Oct 28, 2024
    affected < 24.05.4-1.1fixed 24.05.4-1.1

    SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs explicitly running with --stepmgr, or on systems that have globally enabled ste

  • CVE-2021-31215May 13, 2021
    affected < 21.08.1-1.1fixed 21.08.1-1.1

    SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.

  • CVE-2020-27746Nov 27, 2020
    affected < 21.08.1-1.1fixed 21.08.1-1.1

    Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem.

  • CVE-2020-27745Nov 27, 2020
    affected < 21.08.1-1.1fixed 21.08.1-1.1

    Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.

  • CVE-2020-12693May 21, 2020
    affected < 21.08.1-1.1fixed 21.08.1-1.1

    Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user.

  • CVE-2019-19727Jan 13, 2020
    affected < 21.08.1-1.1fixed 21.08.1-1.1

    SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions.

  • CVE-2019-19728Jan 13, 2020
    affected < 21.08.1-1.1fixed 21.08.1-1.1

    SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges.

  • CVE-2019-12838Jul 11, 2019
    affected < 21.08.1-1.1fixed 21.08.1-1.1

    SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection.

  • CVE-2019-6438Jan 31, 2019
    affected < 21.08.1-1.1fixed 21.08.1-1.1

    SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems.

  • CVE-2018-10995May 30, 2018
    affected < 21.08.1-1.1fixed 21.08.1-1.1

    SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).

  • CVE-2018-7033Mar 15, 2018
    affected < 21.08.1-1.1fixed 21.08.1-1.1

    SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD.

  • CVE-2017-15566HigNov 1, 2017
    affected < 21.08.1-1.1fixed 21.08.1-1.1

    Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution.

  • CVE-2016-10030HigJan 5, 2017
    affected < 21.08.1-1.1fixed 21.08.1-1.1

    The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an a