
CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

07 Nov 2023 — Insecure permissions in Smart Soft advancedexport before v4.4.7 allow unauthenticated attackers to arbitrarily download user information from the ps_customer table. • https://security.friendsofpresta.org/modules/2023/11/07/advancedexport.html • CWE-276: Incorrect Default Permissions

CVSS: 10.0 | EPSS: 7% | CPEs: 1 | EXPL: 1

15 Nov 2021 — cron-utils is a Java library to define, parse, validate, and migrate crons, as well as to get human-readable descriptions of them. In affected versions, a template injection was identified in cron-utils that enables attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Versions up to 9.1.2 are susceptible to this vulnerability. Please note that only projects using the @Cron annotation to validate untrusted cron expressions are affected. The issue was p... • https://github.com/jmrozanec/cron-utils/commit/cfd2880f80e62ea74b92fa83474c2aabdb9899da • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.1 | EPSS: 14% | CPEs: 1 | EXPL: 2

24 Nov 2020 — cron-utils is a Java library to parse, validate, and migrate crons, as well as to get human-readable descriptions of them. In cron-utils before version 9.1.3, a template injection vulnerability is present. This enables attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Only projects using the @Cron annotation to validate untrusted cron expressions are affected. This issue was patched in version 9.1.3. • https://github.com/jmrozanec/cron-utils/commit/4cf373f7352f5d95f0bf6512af8af326b31c835e • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.5 | EPSS: 0% | CPEs: 4 | EXPL: 0

12 Mar 2019 — Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked. USN-5259-1 and USN-5259-2 fixed vulnerabilities in Cron. Unfortunately that update ... • http://www.securityfocus.com/bid/107373 • CWE-252: Unchecked Return Value • CWE-476: NULL Pointer Dereference

CVSS: 5.5 | EPSS: 0% | CPEs: 4 | EXPL: 0

12 Mar 2019 — Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted. USN-5259-1 and USN-5259-2 fixed vulnerabilities in Cron. Unfortunately that update was incomplete and could introduce ... • http://www.securityfocus.com/bid/107378 • CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 6.9 | EPSS: 0% | CPEs: 5 | EXPL: 0

09 Jun 2017 — In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs. • http://bugs.debian.org/864466 • CWE-59: Improper Link Resolution Before File Access ('Link Following')