rpm package
suse/slurm&distro=SUSE Linux Enterprise High Performance Computing 15-LTSS
pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-31251 | — | < 17.11.13-150000.6.40.1 | 17.11.13-150000.6.40.1 | Sep 7, 2022 | A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3. | ||
| CVE-2022-29500 | — | < 17.11.13-150000.6.40.1 | 17.11.13-150000.6.40.1 | May 5, 2022 | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. | ||
| CVE-2022-29501 | — | < 17.11.13-150000.6.40.1 | 17.11.13-150000.6.40.1 | May 5, 2022 | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. | ||
| CVE-2021-31215 | — | < 17.11.13-6.37.1 | 17.11.13-6.37.1 | May 13, 2021 | SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling. | ||
| CVE-2020-27746 | — | < 17.11.13-6.34.1 | 17.11.13-6.34.1 | Nov 27, 2020 | Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem. | ||
| CVE-2020-27745 | — | < 17.11.13-6.34.1 | 17.11.13-6.34.1 | Nov 27, 2020 | Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. | ||
| CVE-2020-12693 | — | < 17.11.13-6.31.1 | 17.11.13-6.31.1 | May 21, 2020 | Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user. | ||
| CVE-2019-19727 | — | < 17.11.13-6.31.1 | 17.11.13-6.31.1 | Jan 13, 2020 | SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions. |
- CVE-2022-31251Sep 7, 2022affected < 17.11.13-150000.6.40.1fixed 17.11.13-150000.6.40.1
A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3.
- CVE-2022-29500May 5, 2022affected < 17.11.13-150000.6.40.1fixed 17.11.13-150000.6.40.1
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure.
- CVE-2022-29501May 5, 2022affected < 17.11.13-150000.6.40.1fixed 17.11.13-150000.6.40.1
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution.
- CVE-2021-31215May 13, 2021affected < 17.11.13-6.37.1fixed 17.11.13-6.37.1
SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.
- CVE-2020-27746Nov 27, 2020affected < 17.11.13-6.34.1fixed 17.11.13-6.34.1
Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem.
- CVE-2020-27745Nov 27, 2020affected < 17.11.13-6.34.1fixed 17.11.13-6.34.1
Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.
- CVE-2020-12693May 21, 2020affected < 17.11.13-6.31.1fixed 17.11.13-6.31.1
Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user.
- CVE-2019-19727Jan 13, 2020affected < 17.11.13-6.31.1fixed 17.11.13-6.31.1
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions.