21 matches found
CVE-2026-30656
A flaw was found in fio Flexible I/O Tester. A local user could exploit this vulnerability by providing a specially crafted job file that includes the fdppli option without an argument. This leads to a NULL pointer dereference, which occurs when the program attempts to access a memory location th...
CVE-2025-54963
An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may submit a crafted job request that grants read access to files on the filesystem with the permissions of the GXP Job Service process. The path to a file is not sanitized f...
EUVD-2009-5091
Malware in sbrugna...
EUVD-2013-4157
Malware in sbrugna...
EUVD-2012-5309
Malware in sbrugna...
CVE-2025-6193 Trustyai-explainability: command injection via lmevaljob cr
A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of a LMEValJob custom resource CR may be executed in the LMEvalJob pod's terminal. This issue can be exploited via a maliciously crafted LMEvalJob by a user with...
GHSA-3J9C-CP7M-8W8G Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI
XML external entity XXE vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job...
libquartz: XXE attacks via job description
The Terracotta Quartz Scheduler is susceptible to an XML external entity attack XXE through a job description. This issue stems from inadequate handling of XML external entity XXE declarations in the initDocumentParser function within xml/XMLSchedulingDataProcessor.java. By enticing a victim to...
GnuTLS libtasn1 "asn1_find_node()" buffer overflow vulnerability
Libtasn1 is the ASN.1 library used by GnuTLS. A buffer overflow vulnerability exists in the "asn1findnode" function in lib/parseraux.c in the GnuTLS libtasn1, which could allow an attacker to stack buffer overflows by tricking the user into processing specially designed job files through utilitie...
CVE-2015-5319
XML external entity XXE vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job...
CVE-2015-5319
XML external entity XXE vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job...
Code injection
The standard universe shadow condorshadow.std component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job...
CVE-2012-5390
The standard universe shadow condorshadow.std component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job...
CVE-2013-4255
The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a 1 PREEMPT, 2 SUSPEND, 3 CONTINUE, 4 WANTVACATE, or 5 KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of...
CVE-2009-5136
The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANTSUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service condorstartd exit via a crafted job...
Code injection
The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a 1 PREEMPT, 2 SUSPEND, 3 CONTINUE, 4 WANTVACATE, or 5 KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of...
CVE-2013-4255
The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a 1 PREEMPT, 2 SUSPEND, 3 CONTINUE, 4 WANTVACATE, or 5 KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of...
condor: condor_startd DoS when parsing policy definition that evaluates to ERROR or UNDEFINED
The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a 1 PREEMPT, 2 SUSPEND, 3 CONTINUE, 4 WANTVACATE, or 5 KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of...
condor: condor_startd DoS when parsing policy definition that evaluates to ERROR or UNDEFINED
The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a 1 PREEMPT, 2 SUSPEND, 3 CONTINUE, 4 WANTVACATE, or 5 KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of...
Nagios XI Autodiscovery Arbitrary Command Execution
An arbitrary command execution vulnerability has been reported in Nagios XI. The vulnerability is due to insufficient validation of incoming requests sent to the Autodiscovery module. The vulnerability can be exploited by an authenticated attacker by submitting a maliciously crafted job to the...