Every CVE whose affected-product data names Paul Vixie Vixie Cron, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-1999-0297 — CVSS 7.2 (high): Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable.
CVE-1999-0769 — CVSS 7.2 (high): Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.
CVE-1999-0872 — CVSS 7.2 (high): Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file.
CVE-2006-2607 — CVSS 7.2 (high): do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root…
CVE-2001-0559 — CVSS 7.2 (high): crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could…
CVE-2001-0560 — CVSS 4.6 (medium): Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20…
CVE-2000-1096 — CVSS 3.7 (low): crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user…
CVE-2010-0424 — CVSS 3.3 (low): The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification…
CVE-2005-1038 — CVSS 2.1 (low): crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file…
CVE-2007-1856 — CVSS 2.1 (low): Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service…