Every CVE whose affected-product data names Schedmd Slurm, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (24)
CVE-2023-49934 — CVSS 9.8 (critical): An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injection against the SlurmDBD database. The fixed version is 23.11.1.
CVE-2018-7033 — CVSS 9.8 (critical): SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD.
CVE-2023-49937 — CVSS 9.8 (critical): An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service…
CVE-2022-29502 — CVSS 9.8 (critical): SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges.
CVE-2022-29500 — CVSS 8.8 (high): SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure.
CVE-2022-29501 — CVSS 8.8 (high): SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution.
CVE-2023-49935 — CVSS 8.8 (high): An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity…
CVE-2021-31215 — CVSS 8.8 (high): SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a…
CVE-2023-49938 — CVSS 8.2 (high): An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended…
CVE-2016-10030 — CVSS 8.1 (high): The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability…
CVE-2020-12693 — CVSS 8.1 (high): Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication…
CVE-2017-15566 — CVSS 7.8 (high): Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2…
CVE-2019-19728 — CVSS 7.5 (high): SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges.
CVE-2023-49933 — CVSS 7.5 (high): An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During…
CVE-2023-49936 — CVSS 7.5 (high): An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed…
CVE-2023-41914 — CVSS 7.0 (high): SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file…
CVE-2021-43337 — CVSS 6.5 (medium): SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env…
CVE-2018-10995 — CVSS 5.3 (medium): SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).
CVE-2024-48936 — CVSS 5.0 (medium): SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to…
CVE-2020-27746 — CVSS 3.7 (low): Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is…