CVSS: 7.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

25 Feb 2010 — The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory. • http://git.fedorahosted.org/git/cronie.git?p=cronie.git%3Ba=commit%3Bh=9e4a8fa5f9171fb724981f53879c9b20264aeb61 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

18 Apr 2007 — Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

25 May 2006 — do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf. • http://bugs.gentoo.org/show_bug.cgi?id=134194 •

CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 1

10 Apr 2005 — crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235. • ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

22 Aug 2001 — Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters). • http://archives.neohapsis.com/archives/bugtraq/2001-02/0197.html •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 4

14 Aug 2001 — crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error. • https://www.exploit-db.com/exploits/20822 •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

09 Jan 2001 — crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file. • https://www.exploit-db.com/exploits/203 •

CVSS: 7.8 • EPSS: 0% • CPEs: 11 • EXPL: 0

25 Aug 1999 — Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file. • http://www.securityfocus.com/bid/611 •

CVSS: 7.2 • EPSS: 0% • CPEs: 11 • EXPL: 1

25 Aug 1999 — Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable. • https://www.exploit-db.com/exploits/19474 •

CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

12 Dec 1996 — Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0297 •