Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
debian shadow vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2011-0721
Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.
Debian Shadow 1\\
NA
CVE-2008-5394
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.
Debian Shadow 4.0.18.1
1 EDB exploit
NA
CVE-2006-1174
useradd in shadow-utils prior to 4.0.3, and possibly other versions prior to 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows malicious user...
Debian Shadow 4.0.6
Debian Shadow
Debian Shadow 4.0.0
Debian Shadow 4.0.1
Debian Shadow 4.0.4.1
Debian Shadow 4.0.5
Debian Shadow 4.0.2
Debian Shadow 4.0.4
NA
CVE-2006-1844
The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.
Debian Shadow 4.0.14
Debian Base-config 2.53.10
NA
CVE-2004-1001
Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions prior to 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled.
Debian Shadow 4.0.4.1
NA
CVE-2001-0169
When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.
Mandrakesoft Mandrake Linux Corporate Server 1.0.1
Redhat Linux 6.0
Redhat Linux 6.2
Mandrakesoft Mandrake Linux 6.1
Mandrakesoft Mandrake Linux 7.0
Redhat Linux 6.1
Turbolinux Turbolinux
Mandrakesoft Mandrake Linux 7.1
Mandrakesoft Mandrake Linux 7.2
Mandrakesoft Mandrake Linux 6.0
Trustix Secure Linux 1.1
Trustix Secure Linux 1.2
Turbolinux Turbolinux 6.1
1 EDB exploit
7.8
CVSSv3
CVE-2001-0195
sash prior to 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.
Debian Debian Linux 2.2
NA
CVE-2000-0513
CUPS (Common Unix Printing System) 1.04 and previous versions allows remote malicious users to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password.
Debian Debian Linux 2.2
Debian Debian Linux 2.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6