CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2012-5390
https://notcve.org/view.php?id=CVE-2012-5390
The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job. El componente Standard Universe Shadow (condor_shadow.std) en Condor 7.7.3 hasta 7.7.6, 7.8.0 anterior a 7.8.5 y 7.9.0 no comprueba debidamente los privilegios, lo que permite a atacantes remotos ganar privilegios a través de un Standard Universe Job manipulado. • http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html http://secunia.com/advisories/51862 http://www.securityfocus.com/bid/57328 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2013-4255 – condor: condor_startd DoS when parsing policy definition that evaluates to ERROR or UNDEFINED
https://notcve.org/view.php?id=CVE-2013-4255
The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job. La política de definición evaluadora en Condor 7.5.4, 8.0.0, y versiones anteriores no trata correctamente los atributos de una (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, o (5) KILL política que evalua un estado No Configurado, Indefinido o estado de error, lo que permite a los usuarios remotos autenticados causar una denegación de servicio (salida condor_startd) a través de un trabajo manipulad • http://rhn.redhat.com/errata/RHSA-2013-1171.html http://rhn.redhat.com/errata/RHSA-2013-1172.html https://bugzilla.redhat.com/show_bug.cgi?id=919401 https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1786 https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=3829 https://access.redhat.com/security/cve/CVE-2013-4255 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2012-4462 – condor: DoS when removing jobs via jobcontrol.py when job id is in square brackets
https://notcve.org/view.php?id=CVE-2012-4462
aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, when removing a job, allows remote attackers to cause a denial of service (condor_schedd restart) via square brackets in the cproc option. aviary/jobcontrol.py de Condor, es usado en Red Hat Enterprise MRG v2.3, cuando se eliminan tareas, permite a atacantes remotos causar una denegación de servicios (condor_schedd reinicio) a través de corchetes en la opción cproc. • http://rhn.redhat.com/errata/RHSA-2013-0564.html http://rhn.redhat.com/errata/RHSA-2013-0565.html https://bugzilla.redhat.com/show_bug.cgi?id=860850 https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=8f9b304c4f6c0a98dafa61b2c0e4beb3b70e4c84 https://access.redhat.com/security/cve/CVE-2012-4462 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2012-5196
https://notcve.org/view.php?id=CVE-2012-5196
Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors. Múltiples desbordamientos de búfer en Condor v7.6.x antes de v7.6.10 y v7.8.x antes de v7.8.4 tienen un impacto y vectores de ataque desconocidos. • http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html https://exchange.xforce.ibmcloud.com/vulnerabilities/78975 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2012-5197
https://notcve.org/view.php?id=CVE-2012-5197
Multiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors related to "error checking of system calls." Múltiples vulnerabilidades no especificadas en Condor v7.6.x antes de v7.6.10 y v7.8.x antes de v7.8.4 tienen vectores de ataque desconocidos y un impacto relacionado con "la comprobación de errores de llamadas al sistema." • http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html https://exchange.xforce.ibmcloud.com/vulnerabilities/78974 •