Ubuntu 22.04 LTS / 24.04 LTS : Slurm vulnerabilities (USN-8236-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8236-1 advisory. It was discovered that Slurm did not correctly handle certain file system operations. An attacker could possibly use this issue to modify fil...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Slurm vulnerability (USN-8197-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8197-1 advisory. It was discovered that Slurm did not properly handle access control when dealing with RPC traffic through PMI2 and PMIx, which could allow...

CVE-2025-43904

In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator...

CVE-2025-43904

In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator...

CVE-2025-43904

CVE-2025-43904 affects Slurm’s accounting subsystem before versions 24.11.5, 24.05.8, and 23.11.11. The issue allows a user with Coordinator privileges to promote another user to Administrator, representing an elevation of privilege in the accounting workflow. Documents from multiple vendors/advi...

EUVD-2009-0137

Malware in sbrugna...

EUVD-2009-2080

Malware in sbrugna...

EUVD-2019-9329

Malware in sbrugna...

EUVD-2020-4985

Malware in sbrugna...

EUVD-2020-20250

Malware in sbrugna...

EUVD-2020-24211

Malware in sbrugna...

EUVD-2016-1227

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2019-19728

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges. CVE-2019-19728 Note that Nessus relies on the presence of th...

CVE-2020-36770

pkgpostinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files...

CVE-2009-0128

plugins/crypto/openssl/cryptoopenssl.c in Simple Linux Utility for Resource Management aka SLURM or slurm-llnl does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS...

Gentoo Security Vulnerabilities

Gentoo is an open source Linux system from the Gentoo Foundation. A security vulnerability exists in Gentoo ebuild for Slurm 22.05.3 and earlier versions, which stems from the fact that pkgpostinst can call chown to assign ownership of files in the root filesystem...

DEBIAN-CVE-2023-49938

An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7...

DEBIAN-CVE-2023-49936

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1...

PT-2023-28164 · Schedmd +2 · Slurm +2

Name of the Vulnerable Software and Affected Versions: SchedMD Slurm versions 23.02.x through 23.02.5 SchedMD Slurm versions 22.05.x through 22.05.9 Description: The issue allows filesystem race conditions, which can be exploited to gain ownership of a file, overwrite a file, or delete files...

SUSE CVE-2016-10030

The prologerror function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an arbitrary file on th...