Skip to main content

Cron

4 CVEs product

Monthly

CVE-2019-9706 MEDIUM POC PATCH This Month

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Use After Free Debian Memory Corruption Cron +1
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2019-9705 MEDIUM PATCH This Month

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Debian Cron Debian Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-9704 MEDIUM PATCH This Month

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Debian Cron Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2017-9525 MEDIUM This Month

In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Ubuntu Debian Privilege Escalation Cron Debian Linux
NVD
CVSS 3.1
6.7
EPSS
0.1%
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Use After Free Debian +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Debian Cron +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Debian Cron +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Ubuntu Debian Privilege Escalation +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy