rpm package

suse/slurm_23_02&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

pkg:rpm/suse/slurm_23_02&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS

Vulnerabilities (6)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2025-43904	Med	4.2	< 23.02.7-150300.7.20.1	23.02.7-150300.7.20.1	Jan 16, 2026	In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator.
CVE-2023-49938		—	< 23.02.7-150300.7.17.1	23.02.7-150300.7.17.1	Dec 14, 2023	An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11
CVE-2023-49937		—	< 23.02.7-150300.7.17.1	23.02.7-150300.7.17.1	Dec 14, 2023	An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.
CVE-2023-49936		—	< 23.02.7-150300.7.17.1	23.02.7-150300.7.17.1	Dec 14, 2023	An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.
CVE-2023-49935		—	< 23.02.7-150300.7.17.1	23.02.7-150300.7.17.1	Dec 14, 2023	An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes th
CVE-2023-49933		—	< 23.02.7-150300.7.17.1	23.02.7-150300.7.17.1	Dec 14, 2023	An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions ar

CVE-2025-43904MedJan 16, 2026
affected < 23.02.7-150300.7.20.1fixed 23.02.7-150300.7.20.1
In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator.
CVE-2023-49938Dec 14, 2023
affected < 23.02.7-150300.7.17.1fixed 23.02.7-150300.7.17.1
An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11
CVE-2023-49937Dec 14, 2023
affected < 23.02.7-150300.7.17.1fixed 23.02.7-150300.7.17.1
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.
CVE-2023-49936Dec 14, 2023
affected < 23.02.7-150300.7.17.1fixed 23.02.7-150300.7.17.1
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.
CVE-2023-49935Dec 14, 2023
affected < 23.02.7-150300.7.17.1fixed 23.02.7-150300.7.17.1
An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes th
CVE-2023-49933Dec 14, 2023
affected < 23.02.7-150300.7.17.1fixed 23.02.7-150300.7.17.1
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions ar