paul_vixie 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには パス処理の欠陥、バッファオーバーフロー, and vendor risk denial of service があり、vendor surface production workloads and vendor surface software deployment の利用場面で ファイル上書き などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2010-0424 | The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory. | [email protected] | 3.3 | 0.10% | 2010-02-25 | 2026-04-29 |
| CVE-2007-1856 | Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c. | [email protected] | 2.1 | 0.05% | 2007-04-18 | 2026-04-23 |
| CVE-2006-2607 | do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf. | [email protected] | 7.2 | 0.04% | 2006-05-25 | 2026-04-16 |
| CVE-2005-1038 | crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235. | [email protected] | 2.1 | 0.08% | 2005-05-02 | 2026-04-16 |
| CVE-2001-0560 | Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters). | [email protected] | 4.6 | 0.22% | 2001-08-22 | 2026-04-16 |
| CVE-2001-0559 | crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error. | [email protected] | 7.2 | 0.24% | 2001-08-14 | 2026-04-16 |
| CVE-2000-1096 | crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file. | [email protected] | 3.7 | 0.38% | 2001-01-09 | 2026-04-16 |
| CVE-1999-0872 | Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file. | [email protected] | 7.2 | 0.06% | 1999-08-25 | 2026-04-16 |
| CVE-1999-0769 | Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable. | [email protected] | 7.2 | 0.38% | 1999-08-25 | 2026-04-16 |
| CVE-1999-0297 | Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable. | [email protected] | 7.2 | 0.06% | 1996-12-12 | 2026-04-16 |