This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Schedmd First view 2018-05-30
Product Slurm Last view 2021-05-13
Version 17.11.5.1 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:schedmd:slurm

Activity : Overall

Related : CVE

  Date Alert Description
8.8 2021-05-13 CVE-2021-31215

SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.

3.7 2020-11-27 CVE-2020-27746

Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem.

9.8 2020-11-27 CVE-2020-27745

Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.

8.1 2020-05-21 CVE-2020-12693

Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user.

7.5 2020-01-13 CVE-2019-19728

SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges.

5.5 2020-01-13 CVE-2019-19727

SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions.

9.8 2019-07-11 CVE-2019-12838

SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection.

9.8 2019-01-31 CVE-2019-6438

SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems.

5.3 2018-05-30 CVE-2018-10995

SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).

CWE : Common Weakness Enumeration

%idName
20% (1) CWE-732 Incorrect Permission Assignment for Critical Resource
20% (1) CWE-269 Improper Privilege Management
20% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
20% (1) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
20% (1) CWE-20 Improper Input Validation

Nessus® Vulnerability Scanner

id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-d54c4f6452.nasl - Type: ACT_GATHER_INFO
2018-07-25 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4254.nasl - Type: ACT_GATHER_INFO
2018-07-23 Name: The remote Debian host is missing a security update.
File: debian_DLA-1437.nasl - Type: ACT_GATHER_INFO
2018-06-18 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_3a66cb69716f11e8be543085a9a47796.nasl - Type: ACT_GATHER_INFO
2018-06-11 Name: The remote Fedora host is missing a security update.
File: fedora_2018-8f5a50e4d7.nasl - Type: ACT_GATHER_INFO