rpm package
suse/pdsh_slurm_18_08&distro=SUSE Linux Enterprise Module for HPC 12
pkg:rpm/suse/pdsh_slurm_18_08&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012
Vulnerabilities (16)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-31251 | — | < 2.34-7.35.3 | 2.34-7.35.3 | Sep 7, 2022 | A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3. | ||
| CVE-2022-29500 | — | < 2.34-7.35.3 | 2.34-7.35.3 | May 5, 2022 | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. | ||
| CVE-2022-29501 | — | < 2.34-7.35.3 | 2.34-7.35.3 | May 5, 2022 | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. | ||
| CVE-2022-29502 | — | < 2.34-7.35.3 | 2.34-7.35.3 | May 5, 2022 | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges. | ||
| CVE-2021-43337 | — | < 2.34-7.35.3 | 2.34-7.35.3 | Nov 17, 2021 | SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users to request job scripts and environment files to which they should not have acces | ||
| CVE-2020-27746 | — | < 2.34-7.32.1 | 2.34-7.32.1 | Nov 27, 2020 | Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem. | ||
| CVE-2020-27745 | — | < 2.34-7.32.1 | 2.34-7.32.1 | Nov 27, 2020 | Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. | ||
| CVE-2020-12693 | — | < 2.34-7.26.2 | 2.34-7.26.2 | May 21, 2020 | Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user. | ||
| CVE-2019-19727 | — | < 2.34-7.26.2 | 2.34-7.26.2 | Jan 13, 2020 | SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions. | ||
| CVE-2019-19728 | — | < 2.34-7.26.2 | 2.34-7.26.2 | Jan 13, 2020 | SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges. | ||
| CVE-2019-12838 | — | < 2.34-7.26.2 | 2.34-7.26.2 | Jul 11, 2019 | SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. | ||
| CVE-2019-6438 | — | < 2.34-7.26.2 | 2.34-7.26.2 | Jan 31, 2019 | SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems. | ||
| CVE-2018-10995 | — | < 2.34-7.26.2 | 2.34-7.26.2 | May 30, 2018 | SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields). | ||
| CVE-2018-7033 | — | < 2.34-7.26.2 | 2.34-7.26.2 | Mar 15, 2018 | SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD. | ||
| CVE-2017-15566 | Hig | 7.8 | < 2.34-7.26.2 | 2.34-7.26.2 | Nov 1, 2017 | Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution. | |
| CVE-2016-10030 | Hig | 8.1 | < 2.34-7.26.2 | 2.34-7.26.2 | Jan 5, 2017 | The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an a |
- CVE-2022-31251Sep 7, 2022affected < 2.34-7.35.3fixed 2.34-7.35.3
A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3.
- CVE-2022-29500May 5, 2022affected < 2.34-7.35.3fixed 2.34-7.35.3
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure.
- CVE-2022-29501May 5, 2022affected < 2.34-7.35.3fixed 2.34-7.35.3
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution.
- CVE-2022-29502May 5, 2022affected < 2.34-7.35.3fixed 2.34-7.35.3
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges.
- CVE-2021-43337Nov 17, 2021affected < 2.34-7.35.3fixed 2.34-7.35.3
SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users to request job scripts and environment files to which they should not have acces
- CVE-2020-27746Nov 27, 2020affected < 2.34-7.32.1fixed 2.34-7.32.1
Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem.
- CVE-2020-27745Nov 27, 2020affected < 2.34-7.32.1fixed 2.34-7.32.1
Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.
- CVE-2020-12693May 21, 2020affected < 2.34-7.26.2fixed 2.34-7.26.2
Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user.
- CVE-2019-19727Jan 13, 2020affected < 2.34-7.26.2fixed 2.34-7.26.2
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions.
- CVE-2019-19728Jan 13, 2020affected < 2.34-7.26.2fixed 2.34-7.26.2
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges.
- CVE-2019-12838Jul 11, 2019affected < 2.34-7.26.2fixed 2.34-7.26.2
SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection.
- CVE-2019-6438Jan 31, 2019affected < 2.34-7.26.2fixed 2.34-7.26.2
SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems.
- CVE-2018-10995May 30, 2018affected < 2.34-7.26.2fixed 2.34-7.26.2
SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).
- CVE-2018-7033Mar 15, 2018affected < 2.34-7.26.2fixed 2.34-7.26.2
SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD.
- affected < 2.34-7.26.2fixed 2.34-7.26.2
Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution.
- affected < 2.34-7.26.2fixed 2.34-7.26.2
The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an a