Cron Project Cron vulnerabilities
5 known vulnerabilities affecting cron_project/cron.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 4
Vulnerabilities
CVE-2006-2607 | P4 | HIGH | CVSS 7.2 | ≥ 0, < 3.0pl1-64 | 2006-05-25
do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf.
osv
CVE-2017-9525 | P4 | MEDIUM | CVSS 6.7 | CWE-59 | ≤ 3.0pl1-128. | 2017-06-09
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.
nvd, osv
CVE-2019-9706 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 3.0pl1-133 | 2019-03-12
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error.
osv
CVE-2019-9705 | P4 | MEDIUM | CVSS 5.5 | CWE-770 | fixed in 3.0pl1-133 | 2019-03-12
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted.
nvd, osv
CVE-2019-9704 | P4 | MEDIUM | CVSS 5.5 | CWE-252 | fixed in 3.0pl1-133 | 2019-03-12
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked.
nvd, osv