rpm package

suse/slurm_22_05&distro=SUSE Linux Enterprise Module for HPC 12

pkg:rpm/suse/slurm_22_05&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012

Vulnerabilities (11)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2025-43904	Med	4.2	< 22.05.11-3.12.1	22.05.11-3.12.1	Jan 16, 2026	In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator.
CVE-2023-49938		—	< 22.05.11-3.9.1	22.05.11-3.9.1	Dec 14, 2023	An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11
CVE-2023-49937		—	< 22.05.11-3.9.1	22.05.11-3.9.1	Dec 14, 2023	An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.
CVE-2023-49936		—	< 22.05.11-3.9.1	22.05.11-3.9.1	Dec 14, 2023	An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.
CVE-2023-49933		—	< 22.05.11-3.9.1	22.05.11-3.9.1	Dec 14, 2023	An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions ar
CVE-2023-41914		—	< 22.05.10-3.6.1	22.05.10-3.6.1	Nov 3, 2023	SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files.
CVE-2022-31251		—	< 22.05.5-3.3.5	22.05.5-3.3.5	Sep 7, 2022	A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3.
CVE-2022-29500		—	< 22.05.5-3.3.5	22.05.5-3.3.5	May 5, 2022	SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure.
CVE-2022-29501		—	< 22.05.5-3.3.5	22.05.5-3.3.5	May 5, 2022	SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution.
CVE-2022-29502		—	< 22.05.5-3.3.5	22.05.5-3.3.5	May 5, 2022	SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges.
CVE-2021-43337		—	< 22.05.5-3.3.5	22.05.5-3.3.5	Nov 17, 2021	SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users to request job scripts and environment files to which they should not have acces

CVE-2025-43904MedJan 16, 2026
affected < 22.05.11-3.12.1fixed 22.05.11-3.12.1
In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator.
CVE-2023-49938Dec 14, 2023
affected < 22.05.11-3.9.1fixed 22.05.11-3.9.1
An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11
CVE-2023-49937Dec 14, 2023
affected < 22.05.11-3.9.1fixed 22.05.11-3.9.1
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.
CVE-2023-49936Dec 14, 2023
affected < 22.05.11-3.9.1fixed 22.05.11-3.9.1
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.
CVE-2023-49933Dec 14, 2023
affected < 22.05.11-3.9.1fixed 22.05.11-3.9.1
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions ar
CVE-2023-41914Nov 3, 2023
affected < 22.05.10-3.6.1fixed 22.05.10-3.6.1
SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files.
CVE-2022-31251Sep 7, 2022
affected < 22.05.5-3.3.5fixed 22.05.5-3.3.5
A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3.
CVE-2022-29500May 5, 2022
affected < 22.05.5-3.3.5fixed 22.05.5-3.3.5
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure.
CVE-2022-29501May 5, 2022
affected < 22.05.5-3.3.5fixed 22.05.5-3.3.5
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution.
CVE-2022-29502May 5, 2022
affected < 22.05.5-3.3.5fixed 22.05.5-3.3.5
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges.
CVE-2021-43337Nov 17, 2021
affected < 22.05.5-3.3.5fixed 22.05.5-3.3.5
SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users to request job scripts and environment files to which they should not have acces