Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/91845?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "type": "deb", "namespace": "debian", "name": "condor", "version": "23.9.6+dfsg-2.1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "25.10.1+dfsg-2", "latest_non_vulnerable_version": "25.10.1+dfsg-2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65268?format=api", "vulnerability_id": "VCID-2qkz-12c6-fqh6", "summary": "The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the return value of setuid calls, which might cause a subprocess to be created with root privileges and allow remote attackers to gain privileges via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3490.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3490.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3490", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02073", "scoring_system": "epss", "scoring_elements": "0.84264", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02073", "scoring_system": "epss", "scoring_elements": "0.84287", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3490" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688210", "reference_id": "688210", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688210" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=848212", "reference_id": "848212", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=848212" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91848?format=api", "purl": "pkg:deb/debian/condor@7.8.2~dfsg.1-1%2Bdeb7u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@7.8.2~dfsg.1-1%252Bdeb7u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-3490" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2qkz-12c6-fqh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65261?format=api", "vulnerability_id": "VCID-3wyh-wksy-2kaf", "summary": "Stack-based buffer overflow in the condor_ schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3828.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3828.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3828", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43921", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43992", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3828" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463990", "reference_id": "463990", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463990" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0911", "reference_id": "RHSA-2008:0911", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0911" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0924", "reference_id": "RHSA-2008:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0924" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91844?format=api", "purl": "pkg:deb/debian/condor@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2008-3828" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3wyh-wksy-2kaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65272?format=api", "vulnerability_id": "VCID-6z58-b8tk-pbgy", "summary": "aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, when removing a job, allows remote attackers to cause a denial of service (condor_schedd restart) via square brackets in the cproc option.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4462.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4462.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4462", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00686", "scoring_system": "epss", "scoring_elements": "0.72107", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00686", "scoring_system": "epss", "scoring_elements": "0.72147", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4462" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=860850", "reference_id": "860850", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=860850" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0564", "reference_id": "RHSA-2013:0564", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0564" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0565", "reference_id": "RHSA-2013:0565", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0565" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91844?format=api", "purl": "pkg:deb/debian/condor@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-4462" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6z58-b8tk-pbgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65280?format=api", "vulnerability_id": "VCID-8bqt-w36a-pqgq", "summary": "condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25311", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02768", "scoring_system": "epss", "scoring_elements": "0.86304", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02768", "scoring_system": "epss", "scoring_elements": "0.86325", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25311" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91844?format=api", "purl": "pkg:deb/debian/condor@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-25311" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8bqt-w36a-pqgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65266?format=api", "vulnerability_id": "VCID-8r3t-k9tx-skaa", "summary": "Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4930.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4930.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4930", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26901", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27003", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4930" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=759548", "reference_id": "759548", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=759548" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0099", "reference_id": "RHSA-2012:0099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0100", "reference_id": "RHSA-2012:0100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0100" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91844?format=api", "purl": "pkg:deb/debian/condor@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-4930" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8r3t-k9tx-skaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65267?format=api", "vulnerability_id": "VCID-8wz4-xz23-aqch", "summary": "Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3416.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3416.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3416", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01876", "scoring_system": "epss", "scoring_elements": "0.83474", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01876", "scoring_system": "epss", "scoring_elements": "0.83498", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3416" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685366", "reference_id": "685366", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685366" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=841175", "reference_id": "841175", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841175" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1168", "reference_id": "RHSA-2012:1168", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1168" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1169", "reference_id": "RHSA-2012:1169", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1169" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91847?format=api", "purl": "pkg:deb/debian/condor@7.8.2~dfsg.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@7.8.2~dfsg.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-3416" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8wz4-xz23-aqch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65286?format=api", "vulnerability_id": "VCID-8xku-uyx1-eycb", "summary": "An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26110", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63812", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63854", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26110" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26110", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26110" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008634", "reference_id": "1008634", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008634" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91853?format=api", "purl": "pkg:deb/debian/condor@23.2.0%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.2.0%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-26110" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8xku-uyx1-eycb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65271?format=api", "vulnerability_id": "VCID-93xk-hds8-abde", "summary": "The command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the condor_startd port, which leaks the ClaimId.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3493.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3493.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3493", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00765", "scoring_system": "epss", "scoring_elements": "0.73801", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00765", "scoring_system": "epss", "scoring_elements": "0.73838", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3493" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688210", "reference_id": "688210", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688210" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=848222", "reference_id": "848222", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=848222" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1278", "reference_id": "RHSA-2012:1278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1281", "reference_id": "RHSA-2012:1281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1281" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91848?format=api", "purl": "pkg:deb/debian/condor@7.8.2~dfsg.1-1%2Bdeb7u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@7.8.2~dfsg.1-1%252Bdeb7u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-3493" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-93xk-hds8-abde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65264?format=api", "vulnerability_id": "VCID-9a75-uh4f-sfga", "summary": "Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4133.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4133.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-4133", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01434", "scoring_system": "epss", "scoring_elements": "0.81029", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01434", "scoring_system": "epss", "scoring_elements": "0.81057", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-4133" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=544371", "reference_id": "544371", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=544371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1688", "reference_id": "RHSA-2009:1688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1689", "reference_id": "RHSA-2009:1689", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1689" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91844?format=api", "purl": "pkg:deb/debian/condor@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-4133" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9a75-uh4f-sfga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65269?format=api", "vulnerability_id": "VCID-bcj2-fcpf-zkgm", "summary": "src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3491.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3491.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3491", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78574", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78602", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3491" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688210", "reference_id": "688210", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688210" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=848214", "reference_id": "848214", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=848214" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1278", "reference_id": "RHSA-2012:1278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1281", "reference_id": "RHSA-2012:1281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1281" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91848?format=api", "purl": "pkg:deb/debian/condor@7.8.2~dfsg.1-1%2Bdeb7u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@7.8.2~dfsg.1-1%252Bdeb7u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-3491" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bcj2-fcpf-zkgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65279?format=api", "vulnerability_id": "VCID-ckkz-17cn-57d7", "summary": "HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18823", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02816", "scoring_system": "epss", "scoring_elements": "0.86414", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02816", "scoring_system": "epss", "scoring_elements": "0.86436", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26110", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26110" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963777", "reference_id": "963777", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963777" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91853?format=api", "purl": "pkg:deb/debian/condor@23.2.0%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.2.0%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-18823" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ckkz-17cn-57d7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65265?format=api", "vulnerability_id": "VCID-d3uz-8gp4-f7eg", "summary": "The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-5136", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.7056", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70602", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-5136" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91844?format=api", "purl": "pkg:deb/debian/condor@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-5136" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d3uz-8gp4-f7eg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65274?format=api", "vulnerability_id": "VCID-db8b-8h8h-ruer", "summary": "Multiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors related to \"error checking of system calls.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5197.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5197.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00723", "scoring_system": "epss", "scoring_elements": "0.72915", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00723", "scoring_system": "epss", "scoring_elements": "0.72952", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5197" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=869803", "reference_id": "869803", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=869803" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91848?format=api", "purl": "pkg:deb/debian/condor@7.8.2~dfsg.1-1%2Bdeb7u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@7.8.2~dfsg.1-1%252Bdeb7u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-5197" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-db8b-8h8h-ruer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65285?format=api", "vulnerability_id": "VCID-dnqz-u8yk-mkhw", "summary": "An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs and data.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45104", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29902", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29971", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45104" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91844?format=api", "purl": "pkg:deb/debian/condor@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-45104" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dnqz-u8yk-mkhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65262?format=api", "vulnerability_id": "VCID-e9jr-9uqp-8beg", "summary": "Unspecified vulnerability in the condor_ schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) via unknown vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3829.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3829.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3829", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01076", "scoring_system": "epss", "scoring_elements": "0.78141", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01076", "scoring_system": "epss", "scoring_elements": "0.78168", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3829" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463995", "reference_id": "463995", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463995" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0911", "reference_id": "RHSA-2008:0911", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0911" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0924", "reference_id": "RHSA-2008:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0924" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91844?format=api", "purl": "pkg:deb/debian/condor@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2008-3829" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e9jr-9uqp-8beg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65273?format=api", "vulnerability_id": "VCID-ewkr-f9td-u7fr", "summary": "Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5196.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5196.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0078", "scoring_system": "epss", "scoring_elements": "0.74051", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0078", "scoring_system": "epss", "scoring_elements": "0.74085", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5196" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=869786", "reference_id": "869786", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=869786" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91848?format=api", "purl": "pkg:deb/debian/condor@7.8.2~dfsg.1-1%2Bdeb7u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@7.8.2~dfsg.1-1%252Bdeb7u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-5196" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ewkr-f9td-u7fr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65284?format=api", "vulnerability_id": "VCID-gajc-mkpp-wugv", "summary": "An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can access files stored in S3 cloud storage that a user has asked HTCondor to transfer.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45103", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.5185", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51908", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45103" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91844?format=api", "purl": "pkg:deb/debian/condor@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-45103" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gajc-mkpp-wugv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65277?format=api", "vulnerability_id": "VCID-gdk7-jfy6-xuee", "summary": "The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8126.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8126.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8126", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.78736", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.78761", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8126" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8126", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8126" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169800", "reference_id": "1169800", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169800" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775276", "reference_id": "775276", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775276" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0035", "reference_id": "RHSA-2015:0035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0036", "reference_id": "RHSA-2015:0036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0036" }, { "reference_url": "https://usn.ubuntu.com/USN-4771-1/", "reference_id": "USN-USN-4771-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4771-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91851?format=api", "purl": "pkg:deb/debian/condor@8.2.3~dfsg.1-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@8.2.3~dfsg.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-8126" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gdk7-jfy6-xuee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65270?format=api", "vulnerability_id": "VCID-gxrq-4kmm-uufh", "summary": "The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by renaming a user's authentication directory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3492.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3492.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3492", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00698", "scoring_system": "epss", "scoring_elements": "0.72338", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00698", "scoring_system": "epss", "scoring_elements": "0.72379", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3492" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688210", "reference_id": "688210", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688210" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=848218", "reference_id": "848218", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=848218" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1278", "reference_id": "RHSA-2012:1278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1281", "reference_id": "RHSA-2012:1281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1281" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91848?format=api", "purl": "pkg:deb/debian/condor@7.8.2~dfsg.1-1%2Bdeb7u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@7.8.2~dfsg.1-1%252Bdeb7u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-3492" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gxrq-4kmm-uufh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65282?format=api", "vulnerability_id": "VCID-h2cu-k9rj-7bgx", "summary": "An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Using standard command-line tools, a user with only READ access to an HTCondor SchedD or Collector daemon can discover secrets that could allow them to control other users' jobs and/or read their data.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45101", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00364", "scoring_system": "epss", "scoring_elements": "0.58721", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00364", "scoring_system": "epss", "scoring_elements": "0.58767", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45101" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002540", "reference_id": "1002540", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002540" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91853?format=api", "purl": "pkg:deb/debian/condor@23.2.0%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.2.0%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-45101" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2cu-k9rj-7bgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65287?format=api", "vulnerability_id": "VCID-jpxc-qkk2-y3bk", "summary": "HTCondor 23.0.x before 23.0.22, 23.10.x before 23.10.22, 24.0.x before 24.0.6, and 24.6.x before 24.6.1 allows authenticated attackers to bypass authorization restrictions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30093", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08743", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30093" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101498", "reference_id": "1101498", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101498" }, { "reference_url": "https://htcondor.org/security/vulnerabilities/HTCONDOR-2025-0001.html", "reference_id": "HTCONDOR-2025-0001.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-28T15:18:26Z/" } ], "url": "https://htcondor.org/security/vulnerabilities/HTCONDOR-2025-0001.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91854?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-30093" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jpxc-qkk2-y3bk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65263?format=api", "vulnerability_id": "VCID-k7yw-geuf-mudp", "summary": "Condor before 7.0.5 does not properly handle when the configuration specifies overlapping netmasks in allow or deny rules, which causes the rule to be ignored and allows attackers to bypass intended access restrictions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3830.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3830.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3830", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18179", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18256", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3830" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463997", "reference_id": "463997", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463997" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0911", "reference_id": "RHSA-2008:0911", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0911" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0924", "reference_id": "RHSA-2008:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0924" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91844?format=api", "purl": "pkg:deb/debian/condor@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2008-3830" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k7yw-geuf-mudp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65259?format=api", "vulnerability_id": "VCID-kn3v-pd3n-9ffq", "summary": "Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3424.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3424.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3424", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.71113", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.71156", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3424" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=457372", "reference_id": "457372", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0814", "reference_id": "RHSA-2008:0814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0814" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0816", "reference_id": "RHSA-2008:0816", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0816" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91844?format=api", "purl": "pkg:deb/debian/condor@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2008-3424" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kn3v-pd3n-9ffq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65276?format=api", "vulnerability_id": "VCID-mtcz-fwqm-a7df", "summary": "The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4255.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4255.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4255", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72546", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72586", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4255" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721693", "reference_id": "721693", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721693" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=919401", "reference_id": "919401", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919401" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1171", "reference_id": "RHSA-2013:1171", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1171" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1172", "reference_id": "RHSA-2013:1172", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1172" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91850?format=api", "purl": "pkg:deb/debian/condor@8.0.5~dfsg.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@8.0.5~dfsg.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4255" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mtcz-fwqm-a7df" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65278?format=api", "vulnerability_id": "VCID-r7bx-7c44-d3e8", "summary": "The condor_schedd component in HTCondor before 8.6.8 and 8.7.x before 8.7.5 allows remote authenticated users to cause a denial of service (daemon crash) by leveraging use of GSI and VOMS extensions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16816.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16816.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16816", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.70858", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.70901", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16816" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508887", "reference_id": "1508887", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508887" }, { "reference_url": "https://usn.ubuntu.com/USN-4771-1/", "reference_id": "USN-USN-4771-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4771-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91852?format=api", "purl": "pkg:deb/debian/condor@8.6.8~dfsg.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@8.6.8~dfsg.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-16816" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r7bx-7c44-d3e8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65275?format=api", "vulnerability_id": "VCID-rvja-pvbf-97d3", "summary": "The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5390.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5390.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5390", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.8347", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83494", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5390" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=894481", "reference_id": "894481", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=894481" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91844?format=api", "purl": "pkg:deb/debian/condor@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-5390" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rvja-pvbf-97d3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65288?format=api", "vulnerability_id": "VCID-rxze-twwv-kkhg", "summary": "HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. This is fixed in 24.12.14, 25.0.3, and 25.3.1. The earliest affected version is 24.7.3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66433", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01462", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66433" }, { "reference_url": "https://htcondor.org/security/vulnerabilities/HTCONDOR-2025-0002.html", "reference_id": "HTCONDOR-2025-0002.html", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T13:33:56Z/" } ], "url": "https://htcondor.org/security/vulnerabilities/HTCONDOR-2025-0002.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91844?format=api", "purl": "pkg:deb/debian/condor@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-66433" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rxze-twwv-kkhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65283?format=api", "vulnerability_id": "VCID-y6d4-x6z5-hqew", "summary": "An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. When authenticating to an HTCondor daemon using a SciToken, a user may be granted authorizations beyond what the token should allow.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45102", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.57133", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.57185", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45102" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91844?format=api", "purl": "pkg:deb/debian/condor@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-45102" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y6d4-x6z5-hqew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65260?format=api", "vulnerability_id": "VCID-ze7m-y99j-kqbq", "summary": "Unspecified vulnerability in Condor before 7.0.5 allows attackers to execute jobs as other users via unknown vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3826.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3826.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3826", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23029", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23112", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3826" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463987", "reference_id": "463987", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463987" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0911", "reference_id": "RHSA-2008:0911", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0911" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0924", "reference_id": "RHSA-2008:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0924" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91844?format=api", "purl": "pkg:deb/debian/condor@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2008-3826" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ze7m-y99j-kqbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65281?format=api", "vulnerability_id": "VCID-zxsx-xrn8-v3dy", "summary": "HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authentication method.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25312", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64591", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64633", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25312" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91844?format=api", "purl": "pkg:deb/debian/condor@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91845?format=api", "purl": "pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91843?format=api", "purl": "pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-25312" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxsx-xrn8-v3dy" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie" }