CVE-2006-2607

do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in ...

CVE-1999-0769

Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.

CVE-1999-0872

Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file.

CVE-1999-0297

Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable.

CVE-2001-0559

crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error.

CVE-2024-43688

cron/entry.c in vixie cron before 9cc8ab1, as used in OpenBSD 7.4 and 7.5, allows a heap-based buffer underflow and memory corruption. NOTE: this issue was introduced during a May 2023 refactoring.