CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2011-4930 – Condor: Multiple format string flaws
https://notcve.org/view.php?id=CVE-2011-4930
10 Feb 2014 — Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors. Múltiples vulnerabilidades de cade... • http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2009-5136
https://notcve.org/view.php?id=CVE-2009-5136
11 Oct 2013 — The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job. La política de definición evaluadora en Condor anterior a la versión 7.4.2 no maneja adecuadamente atributos en una política WANT_SUSPEND que da como resultado un estado UNDEFINIED, lo que permite a usuarios remotos autenticados provocar una denegaci... • http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2013-4255 – condor: condor_startd DoS when parsing policy definition that evaluates to ERROR or UNDEFINED
https://notcve.org/view.php?id=CVE-2013-4255
21 Aug 2013 — The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job. La política de definición evaluadora en Condor 7.5.4, 8.0.0, y versiones anteriores no trata correctamente los atributos de una (1) PREEMPT, (2) SUSPEND, (3)... • http://rhn.redhat.com/errata/RHSA-2013-1171.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 4%CPEs: 39EXPL: 0CVE-2012-3416 – condor: host based authentication does not implement forward-confirmed reverse dns
https://notcve.org/view.php?id=CVE-2012-3416
25 Aug 2012 — Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname. Condor antes de v7.8.2 permite a atacantes remotos evitar la auntenticación basada en host y ejecutar acciones como ALLOW_ADMINISTRATOR o ALLOW_WRITE conectando desde un sistema con un hostname DNS inverso falsificado • http://osvdb.org/84766 • CWE-284: Improper Access Control CWE-287: Improper Authentication •