LAYER: meta
PACKAGE NAME: cronie
PACKAGE VERSION: 1.7.2
CVE: CVE-2010-0424
CVE STATUS: Patched
CVE SUMMARY: The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory.
CVSS v2 BASE SCORE: 3.3
CVSS v3 BASE SCORE: 0.0
CVSS v4 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0424

LAYER: meta
PACKAGE NAME: cronie
PACKAGE VERSION: 1.7.2
CVE: CVE-2012-6097
CVE STATUS: Patched
CVE SUMMARY: File descriptor leak in cronie 1.4.8, when running in certain environments, might allow local users to read restricted files, as demonstrated by reading /etc/crontab.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6097