{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","type":"deb","namespace":"debian","name":"condor","version":"23.9.6+dfsg-2.1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"25.10.1+dfsg-2","latest_non_vulnerable_version":"25.10.1+dfsg-2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65268?format=json","vulnerability_id":"VCID-2qkz-12c6-fqh6","summary":"The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the return value of setuid calls, which might cause a subprocess to be created with root privileges and allow remote attackers to gain privileges via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3490.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3490.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3490","reference_id":"","reference_type":"","scores":[{"value":"0.02073","scoring_system":"epss","scoring_elements":"0.84264","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02073","scoring_system":"epss","scoring_elements":"0.84287","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02073","scoring_system":"epss","scoring_elements":"0.8429","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02073","scoring_system":"epss","scoring_elements":"0.84284","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3490"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688210","reference_id":"688210","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688210"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=848212","reference_id":"848212","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=848212"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91848?format=json","purl":"pkg:deb/debian/condor@7.8.2~dfsg.1-1%2Bdeb7u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@7.8.2~dfsg.1-1%252Bdeb7u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-3490"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2qkz-12c6-fqh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65261?format=json","vulnerability_id":"VCID-3wyh-wksy-2kaf","summary":"Stack-based buffer overflow in the condor_ schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3828.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3828.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3828","reference_id":"","reference_type":"","scores":[{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43921","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43992","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.44001","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43976","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3828"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463990","reference_id":"463990","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463990"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0911","reference_id":"RHSA-2008:0911","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0911"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0924","reference_id":"RHSA-2008:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0924"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91844?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2008-3828"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3wyh-wksy-2kaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65272?format=json","vulnerability_id":"VCID-6z58-b8tk-pbgy","summary":"aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, when removing a job, allows remote attackers to cause a denial of service (condor_schedd restart) via square brackets in the cproc option.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4462.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4462.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4462","reference_id":"","reference_type":"","scores":[{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.72107","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.72147","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.72155","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.72134","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4462"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=860850","reference_id":"860850","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=860850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0564","reference_id":"RHSA-2013:0564","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0564"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0565","reference_id":"RHSA-2013:0565","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0565"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91844?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-4462"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6z58-b8tk-pbgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65280?format=json","vulnerability_id":"VCID-8bqt-w36a-pqgq","summary":"condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25311","reference_id":"","reference_type":"","scores":[{"value":"0.02768","scoring_system":"epss","scoring_elements":"0.86304","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02768","scoring_system":"epss","scoring_elements":"0.86325","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02768","scoring_system":"epss","scoring_elements":"0.86327","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02768","scoring_system":"epss","scoring_elements":"0.86323","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25311"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91844?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-25311"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8bqt-w36a-pqgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65266?format=json","vulnerability_id":"VCID-8r3t-k9tx-skaa","summary":"Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4930.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4930.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4930","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26901","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27003","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26996","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26957","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4930"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=759548","reference_id":"759548","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=759548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0099","reference_id":"RHSA-2012:0099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0100","reference_id":"RHSA-2012:0100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0100"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91844?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2011-4930"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8r3t-k9tx-skaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65267?format=json","vulnerability_id":"VCID-8wz4-xz23-aqch","summary":"Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3416.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3416.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3416","reference_id":"","reference_type":"","scores":[{"value":"0.01876","scoring_system":"epss","scoring_elements":"0.83474","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01876","scoring_system":"epss","scoring_elements":"0.83498","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01876","scoring_system":"epss","scoring_elements":"0.83501","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01876","scoring_system":"epss","scoring_elements":"0.83497","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3416"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685366","reference_id":"685366","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685366"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=841175","reference_id":"841175","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=841175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1168","reference_id":"RHSA-2012:1168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1168"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1169","reference_id":"RHSA-2012:1169","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1169"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91847?format=json","purl":"pkg:deb/debian/condor@7.8.2~dfsg.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@7.8.2~dfsg.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-3416"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8wz4-xz23-aqch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65286?format=json","vulnerability_id":"VCID-8xku-uyx1-eycb","summary":"An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26110","reference_id":"","reference_type":"","scores":[{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63812","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63854","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63861","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63852","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26110"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18823","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18823"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26110","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26110"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008634","reference_id":"1008634","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008634"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91853?format=json","purl":"pkg:deb/debian/condor@23.2.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.2.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2022-26110"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8xku-uyx1-eycb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65271?format=json","vulnerability_id":"VCID-93xk-hds8-abde","summary":"The command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the condor_startd port, which leaks the ClaimId.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3493.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3493.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3493","reference_id":"","reference_type":"","scores":[{"value":"0.00765","scoring_system":"epss","scoring_elements":"0.73801","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00765","scoring_system":"epss","scoring_elements":"0.73838","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00765","scoring_system":"epss","scoring_elements":"0.73843","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00765","scoring_system":"epss","scoring_elements":"0.73829","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3493"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688210","reference_id":"688210","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688210"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=848222","reference_id":"848222","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=848222"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1278","reference_id":"RHSA-2012:1278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1281","reference_id":"RHSA-2012:1281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1281"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91848?format=json","purl":"pkg:deb/debian/condor@7.8.2~dfsg.1-1%2Bdeb7u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@7.8.2~dfsg.1-1%252Bdeb7u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-3493"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-93xk-hds8-abde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65264?format=json","vulnerability_id":"VCID-9a75-uh4f-sfga","summary":"Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4133.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4133.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4133","reference_id":"","reference_type":"","scores":[{"value":"0.01434","scoring_system":"epss","scoring_elements":"0.81029","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01434","scoring_system":"epss","scoring_elements":"0.81057","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01434","scoring_system":"epss","scoring_elements":"0.81061","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4133"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=544371","reference_id":"544371","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=544371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1688","reference_id":"RHSA-2009:1688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1689","reference_id":"RHSA-2009:1689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1689"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91844?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2009-4133"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9a75-uh4f-sfga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65269?format=json","vulnerability_id":"VCID-bcj2-fcpf-zkgm","summary":"src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3491.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3491.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3491","reference_id":"","reference_type":"","scores":[{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78574","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78602","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.7861","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.786","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3491"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688210","reference_id":"688210","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688210"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=848214","reference_id":"848214","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=848214"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1278","reference_id":"RHSA-2012:1278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1281","reference_id":"RHSA-2012:1281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1281"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91848?format=json","purl":"pkg:deb/debian/condor@7.8.2~dfsg.1-1%2Bdeb7u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@7.8.2~dfsg.1-1%252Bdeb7u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-3491"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bcj2-fcpf-zkgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65279?format=json","vulnerability_id":"VCID-ckkz-17cn-57d7","summary":"HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18823","reference_id":"","reference_type":"","scores":[{"value":"0.02816","scoring_system":"epss","scoring_elements":"0.86414","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02816","scoring_system":"epss","scoring_elements":"0.86436","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02816","scoring_system":"epss","scoring_elements":"0.86437","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02816","scoring_system":"epss","scoring_elements":"0.86433","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18823"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18823","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18823"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26110","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26110"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963777","reference_id":"963777","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963777"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91853?format=json","purl":"pkg:deb/debian/condor@23.2.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.2.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2019-18823"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ckkz-17cn-57d7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65265?format=json","vulnerability_id":"VCID-d3uz-8gp4-f7eg","summary":"The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-5136","reference_id":"","reference_type":"","scores":[{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.7056","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70602","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70612","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70594","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-5136"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91844?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2009-5136"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d3uz-8gp4-f7eg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65274?format=json","vulnerability_id":"VCID-db8b-8h8h-ruer","summary":"Multiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors related to \"error checking of system calls.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5197.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5197.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5197","reference_id":"","reference_type":"","scores":[{"value":"0.00723","scoring_system":"epss","scoring_elements":"0.72915","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00723","scoring_system":"epss","scoring_elements":"0.72952","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00723","scoring_system":"epss","scoring_elements":"0.7296","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00723","scoring_system":"epss","scoring_elements":"0.72942","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5197"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=869803","reference_id":"869803","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=869803"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91848?format=json","purl":"pkg:deb/debian/condor@7.8.2~dfsg.1-1%2Bdeb7u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@7.8.2~dfsg.1-1%252Bdeb7u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-5197"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-db8b-8h8h-ruer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65285?format=json","vulnerability_id":"VCID-dnqz-u8yk-mkhw","summary":"An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs and data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45104","reference_id":"","reference_type":"","scores":[{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29902","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29971","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29933","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45104"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91844?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-45104"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dnqz-u8yk-mkhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65262?format=json","vulnerability_id":"VCID-e9jr-9uqp-8beg","summary":"Unspecified vulnerability in the condor_ schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) via unknown vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3829.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3829.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3829","reference_id":"","reference_type":"","scores":[{"value":"0.01076","scoring_system":"epss","scoring_elements":"0.78141","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01076","scoring_system":"epss","scoring_elements":"0.78168","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01076","scoring_system":"epss","scoring_elements":"0.78175","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01076","scoring_system":"epss","scoring_elements":"0.78166","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3829"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463995","reference_id":"463995","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463995"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0911","reference_id":"RHSA-2008:0911","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0911"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0924","reference_id":"RHSA-2008:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0924"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91844?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2008-3829"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e9jr-9uqp-8beg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65273?format=json","vulnerability_id":"VCID-ewkr-f9td-u7fr","summary":"Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5196.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5196.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5196","reference_id":"","reference_type":"","scores":[{"value":"0.0078","scoring_system":"epss","scoring_elements":"0.74051","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0078","scoring_system":"epss","scoring_elements":"0.74085","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0078","scoring_system":"epss","scoring_elements":"0.74089","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0078","scoring_system":"epss","scoring_elements":"0.74075","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5196"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=869786","reference_id":"869786","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=869786"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91848?format=json","purl":"pkg:deb/debian/condor@7.8.2~dfsg.1-1%2Bdeb7u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@7.8.2~dfsg.1-1%252Bdeb7u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-5196"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ewkr-f9td-u7fr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65284?format=json","vulnerability_id":"VCID-gajc-mkpp-wugv","summary":"An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can access files stored in S3 cloud storage that a user has asked HTCondor to transfer.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45103","reference_id":"","reference_type":"","scores":[{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.5185","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51908","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51917","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51897","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45103"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91844?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-45103"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gajc-mkpp-wugv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65277?format=json","vulnerability_id":"VCID-gdk7-jfy6-xuee","summary":"The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8126.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8126.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8126","reference_id":"","reference_type":"","scores":[{"value":"0.01138","scoring_system":"epss","scoring_elements":"0.78736","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01138","scoring_system":"epss","scoring_elements":"0.78761","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01138","scoring_system":"epss","scoring_elements":"0.78768","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01138","scoring_system":"epss","scoring_elements":"0.78759","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8126"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1169800","reference_id":"1169800","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1169800"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775276","reference_id":"775276","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775276"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0035","reference_id":"RHSA-2015:0035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0036","reference_id":"RHSA-2015:0036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0036"},{"reference_url":"https://usn.ubuntu.com/USN-4771-1/","reference_id":"USN-USN-4771-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4771-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91851?format=json","purl":"pkg:deb/debian/condor@8.2.3~dfsg.1-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@8.2.3~dfsg.1-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2014-8126"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gdk7-jfy6-xuee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65270?format=json","vulnerability_id":"VCID-gxrq-4kmm-uufh","summary":"The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by renaming a user's authentication directory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3492.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3492.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3492","reference_id":"","reference_type":"","scores":[{"value":"0.00698","scoring_system":"epss","scoring_elements":"0.72338","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00698","scoring_system":"epss","scoring_elements":"0.72379","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00698","scoring_system":"epss","scoring_elements":"0.72385","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00698","scoring_system":"epss","scoring_elements":"0.72365","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3492"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688210","reference_id":"688210","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688210"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=848218","reference_id":"848218","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=848218"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1278","reference_id":"RHSA-2012:1278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1281","reference_id":"RHSA-2012:1281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1281"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91848?format=json","purl":"pkg:deb/debian/condor@7.8.2~dfsg.1-1%2Bdeb7u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@7.8.2~dfsg.1-1%252Bdeb7u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-3492"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gxrq-4kmm-uufh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65282?format=json","vulnerability_id":"VCID-h2cu-k9rj-7bgx","summary":"An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Using standard command-line tools, a user with only READ access to an HTCondor SchedD or Collector daemon can discover secrets that could allow them to control other users' jobs and/or read their data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45101","reference_id":"","reference_type":"","scores":[{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58721","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58767","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58772","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58764","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45101"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002540","reference_id":"1002540","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002540"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91853?format=json","purl":"pkg:deb/debian/condor@23.2.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.2.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-45101"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h2cu-k9rj-7bgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65287?format=json","vulnerability_id":"VCID-jpxc-qkk2-y3bk","summary":"HTCondor 23.0.x before 23.0.22, 23.10.x before 23.10.22, 24.0.x before 24.0.6, and 24.6.x before 24.6.1 allows authenticated attackers to bypass authorization restrictions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30093","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08743","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08758","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08738","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30093"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101498","reference_id":"1101498","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101498"},{"reference_url":"https://htcondor.org/security/vulnerabilities/HTCONDOR-2025-0001.html","reference_id":"HTCONDOR-2025-0001.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-28T15:18:26Z/"}],"url":"https://htcondor.org/security/vulnerabilities/HTCONDOR-2025-0001.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91854?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-30093"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jpxc-qkk2-y3bk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65263?format=json","vulnerability_id":"VCID-k7yw-geuf-mudp","summary":"Condor before 7.0.5 does not properly handle when the configuration specifies overlapping netmasks in allow or deny rules, which causes the rule to be ignored and allows attackers to bypass intended access restrictions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3830.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3830.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3830","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18179","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18256","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.1826","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18222","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3830"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463997","reference_id":"463997","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463997"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0911","reference_id":"RHSA-2008:0911","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0911"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0924","reference_id":"RHSA-2008:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0924"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91844?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2008-3830"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k7yw-geuf-mudp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65259?format=json","vulnerability_id":"VCID-kn3v-pd3n-9ffq","summary":"Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3424.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3424.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3424","reference_id":"","reference_type":"","scores":[{"value":"0.00646","scoring_system":"epss","scoring_elements":"0.71113","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00646","scoring_system":"epss","scoring_elements":"0.71156","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00646","scoring_system":"epss","scoring_elements":"0.71162","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00646","scoring_system":"epss","scoring_elements":"0.71145","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3424"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=457372","reference_id":"457372","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=457372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0814","reference_id":"RHSA-2008:0814","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0814"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0816","reference_id":"RHSA-2008:0816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0816"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91844?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2008-3424"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kn3v-pd3n-9ffq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65276?format=json","vulnerability_id":"VCID-mtcz-fwqm-a7df","summary":"The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4255.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4255.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4255","reference_id":"","reference_type":"","scores":[{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72546","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72586","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72593","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72574","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4255"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721693","reference_id":"721693","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721693"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=919401","reference_id":"919401","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=919401"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1171","reference_id":"RHSA-2013:1171","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1171"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1172","reference_id":"RHSA-2013:1172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1172"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91850?format=json","purl":"pkg:deb/debian/condor@8.0.5~dfsg.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@8.0.5~dfsg.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2013-4255"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mtcz-fwqm-a7df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65278?format=json","vulnerability_id":"VCID-r7bx-7c44-d3e8","summary":"The condor_schedd component in HTCondor before 8.6.8 and 8.7.x before 8.7.5 allows remote authenticated users to cause a denial of service (daemon crash) by leveraging use of GSI and VOMS extensions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16816.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16816.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16816","reference_id":"","reference_type":"","scores":[{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70858","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70901","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70908","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70892","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16816"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1508887","reference_id":"1508887","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1508887"},{"reference_url":"https://usn.ubuntu.com/USN-4771-1/","reference_id":"USN-USN-4771-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4771-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91852?format=json","purl":"pkg:deb/debian/condor@8.6.8~dfsg.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@8.6.8~dfsg.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-16816"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r7bx-7c44-d3e8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65275?format=json","vulnerability_id":"VCID-rvja-pvbf-97d3","summary":"The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5390.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5390.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5390","reference_id":"","reference_type":"","scores":[{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.8347","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83494","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83497","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83493","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5390"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=894481","reference_id":"894481","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=894481"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91844?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-5390"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rvja-pvbf-97d3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65288?format=json","vulnerability_id":"VCID-rxze-twwv-kkhg","summary":"HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. This is fixed in 24.12.14, 25.0.3, and 25.3.1. The earliest affected version is 24.7.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66433","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01462","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01469","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01471","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66433"},{"reference_url":"https://htcondor.org/security/vulnerabilities/HTCONDOR-2025-0002.html","reference_id":"HTCONDOR-2025-0002.html","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T13:33:56Z/"}],"url":"https://htcondor.org/security/vulnerabilities/HTCONDOR-2025-0002.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91844?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-66433"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rxze-twwv-kkhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65283?format=json","vulnerability_id":"VCID-y6d4-x6z5-hqew","summary":"An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. When authenticating to an HTCondor daemon using a SciToken, a user may be granted authorizations beyond what the token should allow.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45102","reference_id":"","reference_type":"","scores":[{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.57133","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.57185","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.57193","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.57181","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45102"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91844?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-45102"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y6d4-x6z5-hqew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65260?format=json","vulnerability_id":"VCID-ze7m-y99j-kqbq","summary":"Unspecified vulnerability in Condor before 7.0.5 allows attackers to execute jobs as other users via unknown vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3826.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3826.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3826","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23029","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23112","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23099","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23055","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3826"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463987","reference_id":"463987","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463987"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0911","reference_id":"RHSA-2008:0911","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0911"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0924","reference_id":"RHSA-2008:0924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0924"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91844?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2008-3826"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ze7m-y99j-kqbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65281?format=json","vulnerability_id":"VCID-zxsx-xrn8-v3dy","summary":"HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authentication method.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25312","reference_id":"","reference_type":"","scores":[{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64591","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64633","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64642","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.6463","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25312"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91844?format=json","purl":"pkg:deb/debian/condor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91845?format=json","purl":"pkg:deb/debian/condor@23.9.6%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91843?format=json","purl":"pkg:deb/debian/condor@25.10.1%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@25.10.1%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-25312"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zxsx-xrn8-v3dy"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/condor@23.9.6%252Bdfsg-2.1%3Fdistro=trixie"}