Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error.

fcrontab in fcron before 3.0.5 allows local users to read arbitrary files via a symlink attack on an unspecified file.

convert-fcrontab in Fcron 2.9.5 and 3.0.0 allows remote attackers to create or overwrite arbitrary files via ".." sequences and a symlink attack on the temporary file that is used during conversion.

The convert-fcrontab program in fcron 3.0.0 might allow local users to gain privileges via a long command-line argument, which causes Linux glibc to report heap memory corruption, possibly because a strcpy in the strdup2 function can "overwrite some data."

crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.

Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.

Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file.

Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable.