Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Slurm
(Schedmd)Repositories | https://github.com/SchedMD/slurm |
#Vulnerabilities | 23 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-01-31 | CVE-2019-6438 | SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems. | Leap, Slurm | 9.8 | ||
2020-01-13 | CVE-2019-19727 | SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions. | Leap, Slurm | N/A | ||
2017-11-01 | CVE-2017-15566 | Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution. | Slurm | 7.8 | ||
2018-03-15 | CVE-2018-7033 | SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD. | Debian_linux, Slurm | 9.8 | ||
2018-05-30 | CVE-2018-10995 | SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields). | Debian_linux, Slurm | 5.3 | ||
2017-01-05 | CVE-2016-10030 | The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an arbitrary file on the system. Any exploitation of this is dependent on the user being able to cause or anticipate the failure (non-zero return code) of a Prolog script that their job would run on. This issue affects... | Slurm | 8.1 |