rpm package
suse/slurm_22_05&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
pkg:rpm/suse/slurm_22_05&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-49938 | — | < 22.05.11-150200.5.9.1 | 22.05.11-150200.5.9.1 | Dec 14, 2023 | An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 | ||
| CVE-2023-49937 | — | < 22.05.11-150200.5.9.1 | 22.05.11-150200.5.9.1 | Dec 14, 2023 | An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1. | ||
| CVE-2023-49936 | — | < 22.05.11-150200.5.9.1 | 22.05.11-150200.5.9.1 | Dec 14, 2023 | An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1. | ||
| CVE-2023-49933 | — | < 22.05.11-150200.5.9.1 | 22.05.11-150200.5.9.1 | Dec 14, 2023 | An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions ar | ||
| CVE-2023-41914 | — | < 22.05.10-150200.5.6.1 | 22.05.10-150200.5.6.1 | Nov 3, 2023 | SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files. | ||
| CVE-2022-31251 | — | < 22.05.5-150200.5.3.2 | 22.05.5-150200.5.3.2 | Sep 7, 2022 | A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3. | ||
| CVE-2022-29500 | — | < 22.05.5-150200.5.3.2 | 22.05.5-150200.5.3.2 | May 5, 2022 | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. | ||
| CVE-2022-29501 | — | < 22.05.5-150200.5.3.2 | 22.05.5-150200.5.3.2 | May 5, 2022 | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. | ||
| CVE-2022-29502 | — | < 22.05.5-150200.5.3.2 | 22.05.5-150200.5.3.2 | May 5, 2022 | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges. | ||
| CVE-2021-43337 | — | < 22.05.5-150200.5.3.2 | 22.05.5-150200.5.3.2 | Nov 17, 2021 | SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users to request job scripts and environment files to which they should not have acces |
- CVE-2023-49938Dec 14, 2023affected < 22.05.11-150200.5.9.1fixed 22.05.11-150200.5.9.1
An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11
- CVE-2023-49937Dec 14, 2023affected < 22.05.11-150200.5.9.1fixed 22.05.11-150200.5.9.1
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.
- CVE-2023-49936Dec 14, 2023affected < 22.05.11-150200.5.9.1fixed 22.05.11-150200.5.9.1
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.
- CVE-2023-49933Dec 14, 2023affected < 22.05.11-150200.5.9.1fixed 22.05.11-150200.5.9.1
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions ar
- CVE-2023-41914Nov 3, 2023affected < 22.05.10-150200.5.6.1fixed 22.05.10-150200.5.6.1
SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files.
- CVE-2022-31251Sep 7, 2022affected < 22.05.5-150200.5.3.2fixed 22.05.5-150200.5.3.2
A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3.
- CVE-2022-29500May 5, 2022affected < 22.05.5-150200.5.3.2fixed 22.05.5-150200.5.3.2
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure.
- CVE-2022-29501May 5, 2022affected < 22.05.5-150200.5.3.2fixed 22.05.5-150200.5.3.2
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution.
- CVE-2022-29502May 5, 2022affected < 22.05.5-150200.5.3.2fixed 22.05.5-150200.5.3.2
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges.
- CVE-2021-43337Nov 17, 2021affected < 22.05.5-150200.5.3.2fixed 22.05.5-150200.5.3.2
SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users to request job scripts and environment files to which they should not have acces