VYPR

Cron

by Cron Project

CVEs (2)

  • CVE-2017-9525MedJun 9, 2017
    risk 0.44cvss 6.7epss 0.01

    In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.

  • CVE-2019-9706Mar 12, 2019
    risk 0.00cvss epss 0.00

    Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error.