VYPR
Vendor

Llnl

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2020-36770CriJan 15, 2024
    risk 0.64cvss 9.8epss 0.00

    pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files.

  • CVE-2020-27745CriNov 27, 2020
    risk 0.64cvss 9.8epss 0.02

    Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.

  • CVE-2022-31251MedSep 7, 2022
    risk 0.42cvss 6.5epss 0.00

    A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3.

  • CVE-2020-27746LowNov 27, 2020
    risk 0.24cvss 3.7epss 0.01

    Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem.

  • CVE-2010-3380Sep 29, 2010
    risk 0.00cvss epss 0.00

    The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM before 2.1.14 place the . (dot) directory in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

  • CVE-2009-2084Jun 16, 2009
    risk 0.00cvss epss 0.00

    Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 before 1.3.14 does not properly set supplementary groups before invoking (1) sbcast from the slurmd daemon or (2) strigger from the slurmctld daemon, which might allow local SLURM users to modify files and gain…

  • CVE-2009-0128Jan 15, 2009
    risk 0.00cvss epss 0.01

    plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for Resource Management (aka SLURM or slurm-llnl) does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a…