Lucene search
+L
Condor ProjectCondor

17 matches found

CVE
CVE
added 2008/10/08 8:44 p.m.91 views

CVE-2008-3828

CVE-2008-3828: A stack-based buffer overflow in the condor_schedd daemon of Condor up to version before 7.0.5 can be triggered locally to crash the service and possibly allow arbitrary code execution via unknown vectors. Affected software/version: Condor prior to 7.0.5 (condor_schedd). Impact: de...

4.6CVSS7.7AI score0.00529EPSS
CVE
CVE
added 2013/03/12 3:0 p.m.76 views

CVE-2012-4462

Summary (CVE-2012-4462) : The vulnerability affects Condor (HTCondor) components used with Red Hat Enterprise MRG Grid 2.3. Specifically, removing a job via aviary/jobcontrol.py when CPROC contains square brackets can crash the condor_schedd, leading to a denial of service. The issue is rooted in...

4.3CVSS6.6AI score0.02267EPSS
CVE
CVE
added 2008/07/31 10:0 p.m.69 views

CVE-2008-3424

The CVE-2008-3424 vulnerability affects Condor up to version 7.0.4, arising from improper handling of wildcards in ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, and HOSTDENY_WRITE in authorization policy lists. This could allow authenticated remote users to bypass access restrictions and submit jobs,...

7.5CVSS6.5AI score0.02651EPSS
CVE
CVE
added 2014/02/10 5:0 p.m.69 views

CVE-2011-4930

CVE-2011-4930 concerns multiple format string flaws in Condor 7.2.0–7.6.4 (and possibly 7.7.x), used with Red Hat MRG Grid. An authenticated Condor service user could leverage these flaws to crash the condor_schedd daemon, prevent job scheduling/execution, or potentially execute arbitrary code vi...

4.4CVSS7.5AI score0.00586EPSS
CVE
CVE
added 2013/10/11 10:0 p.m.67 views

CVE-2013-4255

HTCondor vulnerability CVE-2013-4255 affects policy evaluation in Condor (7.5.4, 8.0.0 and earlier). If a job defines a policy attribute in CONTINUE, KILL, PREEMPT, SUSPEND, or related policies that evaluates to UNDEFINED/ERROR/Unconfigured, a remote authenticated user could cause condor_startd t...

3.5CVSS6.3AI score0.0164EPSS
CVE
CVE
added 2008/10/08 8:44 p.m.60 views

CVE-2008-3826

CVE-2008-3826 affects the Condor workload management system prior to 7.0.5. The vulnerability allows attackers to run jobs as other users via unknown vectors. Public docs in the connected set identify the affected product/version and note this as an unspecified vulnerability, with Fedora/RH advis...

4.6CVSS6.5AI score0.00386EPSS
CVE
CVE
added 2008/10/08 8:44 p.m.60 views

CVE-2008-3830

CVE-2008-3830 affects Condor up to 7.0.4-7.x; the issue arises when configuration specifies overlapping netmasks in allow/deny rules, causing a rule to be ignored and enabling bypass of access restrictions. Public sources (NVD) describe the vulnerability; Fedora 9 and Red Hat advisories reference...

7.2CVSS6.3AI score0.00388EPSS
CVE
CVE
added 2009/12/23 6:0 p.m.60 views

CVE-2009-4133

CVE-2009-4133 affects Condor (versions 6.5.4–7.2.4, 7.3.x, and 7.4.0 as used in MRG/GRID environments). The issue allows remote authenticated users to queue jobs as an arbitrary user by using a Condor CLI tool to modify an unspecified job attribute, enabling privilege elevation (partial confident...

6.5CVSS6.2AI score0.02078EPSS
CVE
CVE
added 2012/09/28 5:0 p.m.59 views

CVE-2012-3492

CVE-2012-3492 affects Condor 7.6.x (pre-7.6.10) and 7.8.x (pre-7.8.4). The issue stems from filesystem authentication using authentication directories even when permissions are weak, enabling an attacker to impersonate a user by renaming the user’s authentication directory. The connected document...

6.4CVSS6.7AI score0.03184EPSS
CVE
CVE
added 2012/09/28 5:0 p.m.58 views

CVE-2012-3493

CVE-2012-3493 affects Condor 7.6.x (before 7.6.10) and 7.8.x (before 7.8.4). A remote ClassAd request to condor_startd can leak the ClaimId, enabling possible information disclosure and, potentially, control or start of arbitrary jobs. Remediation: upgrade to 7.6.10/7.8.4 or later (per descriptio...

5.8CVSS6.7AI score0.01667EPSS
CVE
CVE
added 2013/10/11 10:0 p.m.56 views

CVE-2009-5136

CVE-2009-5136 affects Condor before 7.4.2. The policy definition evaluator does not correctly handle attributes in a WANT_SUSPEND policy that evaluate to UNDEFINED, allowing remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job. The issue is documented acr...

4CVSS6.3AI score0.01927EPSS
CVE
CVE
added 2012/08/25 10:0 a.m.56 views

CVE-2012-3416

CVE-2012-3416 affects Condor prior to 7.8.2. A remote attacker could bypass host-based authentication and perform privileged actions (e.g., ALLOW_ADMINISTRATOR, ALLOW_WRITE) by connecting from a system with a spoofed reverse DNS hostname. The issue is rated CVSSv2 base 10.0 (HIGH) with network ac...

10CVSS7AI score0.05102EPSS
CVE
CVE
added 2014/06/06 2:0 p.m.56 views

CVE-2012-5390

The CVE-2012-5390 entry concerns the Condor project: the standard universe shadow component (condor_shadow.std) in Condor versions 7.7.3–7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does not properly check privileges, enabling remote attackers to gain elevated privileges via a crafted standard universe j...

10CVSS7AI score0.02491EPSS
CVE
CVE
added 2012/09/28 5:0 p.m.53 views

CVE-2012-3491

CVE-2012-3491 affects Condor 7.6.x (before 7.6.10) and 7.8.x (before 7.8.4). The issue is an improper permissions check in src/condor_schedd.V6/schedd.cpp that could allow remote authenticated users to remove arbitrary idle jobs via unspecified vectors. The connected documents corroborate the vul...

4CVSS6.3AI score0.0183EPSS
CVE
CVE
added 2008/10/08 8:44 p.m.50 views

CVE-2008-3829

CVE-2008-3829 affects the Condor project’s condor_schedd daemon in Condor, with versions prior to 7.0.5 . The vulnerability is described as an unspecified issue that allows an attacker to cause a denial of service (crash) via unknown vectors. Public references in the connected documents confirm t...

5CVSS6.2AI score0.01896EPSS
CVE
CVE
added 2012/09/28 5:0 p.m.47 views

CVE-2012-5196

The CVE-2012-5196 entry concerns multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4. The connected documents provide versions and the described issue but do not include concrete impact specifics or attack vectors beyond stating they are unknown. No exploit details or m...

10CVSS7AI score0.01847EPSS
CVE
CVE
added 2012/09/28 5:0 p.m.43 views

CVE-2012-5197

Concisely, CVE-2012-5197 affects Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 with multiple unspecified vulnerabilities related to error checking of system calls. The connected documents describe unknown impact and attack vectors; no explicit exploitation details or remediation are provided ...

10CVSS6.8AI score0.01679EPSS