Page 2 of 8 results (0.005 seconds)

CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message. • http://security.gentoo.org/glsa/glsa-200411-27.xml http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false http://www.securityfocus.com/bid/11684 https://exchange.xforce.ibmcloud.com/vulnerabilities/18075 •

CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0

Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable. • http://security.gentoo.org/glsa/glsa-200411-27.xml http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false http://www.securityfocus.com/bid/11684 https://exchange.xforce.ibmcloud.com/vulnerabilities/18078 •

CVSS: 2.6EPSS: 0%CPEs: 5EXPL: 2

Thibault Godouet FCron prior to 1.1.1 allows a local user to corrupt another user's crontab file via a symlink attack on the fcrontab temporary file. • https://www.exploit-db.com/exploits/20905 http://fcron.free.fr/CHANGES.html http://marc.info/?l=bugtraq&m=98339581702282&w=2 http://www.securityfocus.com/bid/2835 https://exchange.xforce.ibmcloud.com/vulnerabilities/7127 •