CPE Details
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:schedmd:slurm:17.11.4.1:*:*:*:*:*:*:*
Informations
Vendor
schedmdProduct
slurmVersion
17.11.4.1Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. | 8.8 |
High |
||
| SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. | 8.8 |
High |
||
| SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling. | 8.8 |
High |
||
| Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem. | 3.7 |
Low |
||
| Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. | 9.8 |
Critical |
||
| SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions. | 5.5 |
Medium |
||
| SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges. | 7.5 |
High |
||
| SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. | 9.8 |
Critical |
||
| SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields). | 5.3 |
Medium |
||
| SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD. | 9.8 |
Critical |
2025©
tesweb SA
