{"url":"http://public2.vulnerablecode.io/api/packages/35295?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","type":"deb","namespace":"debian","name":"condor","version":"0","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"7.8.2~dfsg.1-1","latest_non_vulnerable_version":"25.10.1+dfsg-2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212370?format=json","vulnerability_id":"VCID-4qfp-6dgv-kubb","summary":"aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, when removing a job, allows remote attackers to cause a denial of service (condor_schedd restart) via square brackets in the cproc option.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4462.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4462.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4462","reference_id":"","reference_type":"","scores":[{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.72199","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.72282","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4462"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=860850","reference_id":"860850","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=860850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0564","reference_id":"RHSA-2013:0564","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0564"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0565","reference_id":"RHSA-2013:0565","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0565"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35295?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35296?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35294?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-4462"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4qfp-6dgv-kubb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212376?format=json","vulnerability_id":"VCID-5pbs-212n-9ffy","summary":"condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25311","reference_id":"","reference_type":"","scores":[{"value":"0.02768","scoring_system":"epss","scoring_elements":"0.86353","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02768","scoring_system":"epss","scoring_elements":"0.86404","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25311"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35295?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35296?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35294?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-25311"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5pbs-212n-9ffy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212359?format=json","vulnerability_id":"VCID-8yny-2tvr-rqbc","summary":"Stack-based buffer overflow in the condor_ schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3828.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3828.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3828","reference_id":"","reference_type":"","scores":[{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.44007","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.44161","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3828"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463990","reference_id":"463990","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463990"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0911","reference_id":"RHSA-2008:0911","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0911"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0924","reference_id":"RHSA-2008:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0924"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35295?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35296?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35294?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2008-3828"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8yny-2tvr-rqbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212360?format=json","vulnerability_id":"VCID-9hzv-b5dt-kqgj","summary":"Unspecified vulnerability in the condor_ schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) via unknown vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3829.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3829.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3829","reference_id":"","reference_type":"","scores":[{"value":"0.01076","scoring_system":"epss","scoring_elements":"0.78214","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01076","scoring_system":"epss","scoring_elements":"0.78281","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3829"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463995","reference_id":"463995","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463995"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0911","reference_id":"RHSA-2008:0911","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0911"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0924","reference_id":"RHSA-2008:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0924"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35295?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35296?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35294?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2008-3829"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hzv-b5dt-kqgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212358?format=json","vulnerability_id":"VCID-b9fw-f7v9-kbek","summary":"Unspecified vulnerability in Condor before 7.0.5 allows attackers to execute jobs as other users via unknown vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3826.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3826.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3826","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23045","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23241","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3826"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463987","reference_id":"463987","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463987"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0911","reference_id":"RHSA-2008:0911","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0911"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0924","reference_id":"RHSA-2008:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0924"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35295?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35296?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35294?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2008-3826"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b9fw-f7v9-kbek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212357?format=json","vulnerability_id":"VCID-ef2f-mqns-rfd2","summary":"Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3424.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3424.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3424","reference_id":"","reference_type":"","scores":[{"value":"0.00646","scoring_system":"epss","scoring_elements":"0.71213","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00646","scoring_system":"epss","scoring_elements":"0.71302","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3424"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=457372","reference_id":"457372","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=457372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0814","reference_id":"RHSA-2008:0814","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0814"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0816","reference_id":"RHSA-2008:0816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0816"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35295?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35296?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35294?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2008-3424"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ef2f-mqns-rfd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212381?format=json","vulnerability_id":"VCID-emuh-myrd-vyfc","summary":"An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs and data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45104","reference_id":"","reference_type":"","scores":[{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29917","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30114","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45104"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35295?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35296?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35294?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-45104"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-emuh-myrd-vyfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212363?format=json","vulnerability_id":"VCID-g68k-t56q-37h6","summary":"The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-5136","reference_id":"","reference_type":"","scores":[{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70666","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70756","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-5136"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35295?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35296?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35294?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2009-5136"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g68k-t56q-37h6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212362?format=json","vulnerability_id":"VCID-gpyt-n868-hbe6","summary":"Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4133.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4133.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4133","reference_id":"","reference_type":"","scores":[{"value":"0.01434","scoring_system":"epss","scoring_elements":"0.81111","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01434","scoring_system":"epss","scoring_elements":"0.81171","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4133"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=544371","reference_id":"544371","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=544371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1688","reference_id":"RHSA-2009:1688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1689","reference_id":"RHSA-2009:1689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1689"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35295?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35296?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35294?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2009-4133"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gpyt-n868-hbe6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212377?format=json","vulnerability_id":"VCID-jegq-w7mm-3uhx","summary":"HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authentication method.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25312","reference_id":"","reference_type":"","scores":[{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64697","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64799","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25312"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35295?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35296?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35294?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-25312"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jegq-w7mm-3uhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212364?format=json","vulnerability_id":"VCID-my1q-ztsh-b3gd","summary":"Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4930.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4930.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4930","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2695","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27153","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4930"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=759548","reference_id":"759548","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=759548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0099","reference_id":"RHSA-2012:0099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0100","reference_id":"RHSA-2012:0100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0100"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35295?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35296?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35294?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2011-4930"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-my1q-ztsh-b3gd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212361?format=json","vulnerability_id":"VCID-n5zy-8ew7-53am","summary":"Condor before 7.0.5 does not properly handle when the configuration specifies overlapping netmasks in allow or deny rules, which causes the rule to be ignored and allows attackers to bypass intended access restrictions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3830.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3830.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3830","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18251","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18414","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3830"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463997","reference_id":"463997","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463997"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0911","reference_id":"RHSA-2008:0911","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0911"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0924","reference_id":"RHSA-2008:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0924"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35295?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35296?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35294?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2008-3830"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n5zy-8ew7-53am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212373?format=json","vulnerability_id":"VCID-npgp-car1-vuf5","summary":"The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5390.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5390.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5390","reference_id":"","reference_type":"","scores":[{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83533","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83592","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5390"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=894481","reference_id":"894481","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=894481"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35295?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35296?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35294?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-5390"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-npgp-car1-vuf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212379?format=json","vulnerability_id":"VCID-pbpa-gvnv-mffz","summary":"An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. When authenticating to an HTCondor daemon using a SciToken, a user may be granted authorizations beyond what the token should allow.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45102","reference_id":"","reference_type":"","scores":[{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.57259","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.57378","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45102"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35295?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35296?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35294?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-45102"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pbpa-gvnv-mffz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212380?format=json","vulnerability_id":"VCID-qn26-5tgy-9kfj","summary":"An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can access files stored in S3 cloud storage that a user has asked HTCondor to transfer.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45103","reference_id":"","reference_type":"","scores":[{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51951","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.52081","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45103"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35295?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35296?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35294?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-45103"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qn26-5tgy-9kfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94830?format=json","vulnerability_id":"VCID-y9ff-gxs3-dbbc","summary":"HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. This is fixed in 24.12.14, 25.0.3, and 25.3.1. The earliest affected version is 24.7.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66433","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01464","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01466","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66433"},{"reference_url":"https://htcondor.org/security/vulnerabilities/HTCONDOR-2025-0002.html","reference_id":"HTCONDOR-2025-0002.html","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T13:33:56Z/"}],"url":"https://htcondor.org/security/vulnerabilities/HTCONDOR-2025-0002.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35295?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35296?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35294?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-66433"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y9ff-gxs3-dbbc"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"}