Slurm Schedmd Slurm

Do you want an email whenever new security vulnerabilities are reported in Schedmd Slurm?

By the Year

In 2021 there have been 1 vulnerability in Schedmd Slurm with an average score of 8.8 out of ten. Last year Slurm had 5 security vulnerabilities published. Right now, Slurm is on track to have less security vulnerabilities in 2021 than it did last year. However, the average CVE base score of the vulnerabilities in 2021 is greater by 1.88.

Year Vulnerabilities Average Score
2021 1 8.80
2020 5 6.92
2019 2 9.80
2018 2 7.55

It may take a day or so for new Slurm vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Schedmd Slurm Security Vulnerabilities

SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7

CVE-2021-31215 8.8 - High - May 13, 2021

SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.

Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor

CVE-2020-27746 3.7 - Low - November 27, 2020

Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem.

Insecure Storage of Sensitive Information

Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.

CVE-2020-27745 9.8 - Critical - November 27, 2020

Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.

Classic Buffer Overflow

Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled

CVE-2020-12693 8.1 - High - May 21, 2020

Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user.

SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions.

CVE-2019-19727 5.5 - Medium - January 13, 2020

SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions.

Incorrect Permission Assignment for Critical Resource

SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges.

CVE-2019-19728 7.5 - High - January 13, 2020

SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges.

Improper Privilege Management

SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0

CVE-2019-12838 9.8 - Critical - July 11, 2019

SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection.

SQL Injection

SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems.

CVE-2019-6438 9.8 - Critical - January 31, 2019

SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems.

SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).

CVE-2018-10995 5.3 - Medium - May 30, 2018

SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).

Improper Input Validation

SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5

CVE-2018-7033 9.8 - Critical - March 15, 2018

SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD.

SQL Injection

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Debian Linux or by Schedmd? Click the Watch button to subscribe.

Schedmd
Vendor

Schedmd Slurm
Product

subscribe