Search for packages
| purl | pkg:deb/debian/condor@0?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-153e-ka9n-eydy | An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. When authenticating to an HTCondor daemon using a SciToken, a user may be granted authorizations beyond what the token should allow. |
CVE-2021-45102
|
| VCID-1q6e-935y-puh5 | HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authentication method. |
CVE-2021-25312
|
| VCID-8k4z-8t2z-a3ew | HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. This is fixed in 24.12.14, 25.0.3, and 25.3.1. The earliest affected version is 24.7.3. |
CVE-2025-66433
|
| VCID-9ury-14he-1qbg | condor: users can run jobs with arbitrary owners |
CVE-2008-3826
|
| VCID-ee1r-3kks-8uen | Condor: queue super user cannot drop privs |
CVE-2009-4133
|
| VCID-fdhn-w5fd-zuem | condor: allow or deny with overlapping netmasks may be ignored |
CVE-2008-3830
|
| VCID-g86f-7ywp-sya5 | condor: incorrect handling of wild cards in authorization lists |
CVE-2008-3424
|
| VCID-jftp-4vmf-dyg1 | condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root. |
CVE-2021-25311
|
| VCID-kvba-wgcs-xbd7 | condor: denial of service attack on Schedd via corrupt logfile |
CVE-2008-3829
|
| VCID-nkcc-sjac-dkcn | Condor: Multiple format string flaws |
CVE-2011-4930
|
| VCID-q7ww-nrcw-zkcn | An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs and data. |
CVE-2021-45104
|
| VCID-t7ft-uyts-kbgc | condor: privilege escalation via jobs submitted to the standard universe (CONDOR-2012-0003) |
CVE-2012-5390
|
| VCID-t9j5-gkyc-gbhw | condor: DoS when removing jobs via jobcontrol.py when job id is in square brackets |
CVE-2012-4462
|
| VCID-w4bg-xh3m-8qcb | The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job. |
CVE-2009-5136
|
| VCID-x9xb-pzmk-zuch | condor: buffer overflow in lookup_macro |
CVE-2008-3828
|
| VCID-ztyg-r17a-mkfu | An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can access files stored in S3 cloud storage that a user has asked HTCondor to transfer. |
CVE-2021-45103
|