Schedmd Slurm
25 CVEs affecting Schedmd Slurm. Latest disclosed: 2026-01-16. Critical: 7, High: 12.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-49937 | Critical | 9.8 | 2023-12-14 | An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute a… |
CVE-2023-49934 | Critical | 9.8 | 2023-12-14 | An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injection against the SlurmDBD database. The fixed version is 23.11.1. |
CVE-2022-29502 | Critical | 9.8 | 2022-05-05 | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges. |
CVE-2020-27745 | Critical | 9.8 | 2020-11-27 | Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. |
CVE-2019-12838 | Critical | 9.8 | 2019-07-11 | SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. |
CVE-2019-6438 | Critical | 9.8 | 2019-01-31 | SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems. |
CVE-2018-7033 | Critical | 9.8 | 2018-03-15 | SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD. |
CVE-2023-49935 | High | 8.8 | 2023-12-14 | An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can r… |
CVE-2022-29501 | High | 8.8 | 2022-05-05 | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. |
CVE-2022-29500 | High | 8.8 | 2022-05-05 | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. |
CVE-2021-31215 | High | 8.8 | 2021-05-13 | SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlu… |
CVE-2023-49938 | High | 8.2 | 2023-12-14 | An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is use… |
CVE-2020-12693 | High | 8.1 | 2020-05-21 | Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate P… |
CVE-2016-10030 | High | 8.1 | 2017-01-05 | The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd da… |
CVE-2017-15566 | High | 7.8 | 2017-11-01 | Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege es… |
CVE-2023-49936 | High | 7.5 | 2023-12-14 | An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11… |
CVE-2023-49933 | High | 7.5 | 2023-12-14 | An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communicati… |
CVE-2019-19728 | High | 7.5 | 2020-01-13 | SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges. |
CVE-2023-41914 | High | 7.0 | 2023-11-03 | SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or dele… |
CVE-2021-43337 | Medium | 6.5 | 2021-11-17 | SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access co… |