Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
debian shadow - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2011-0721
Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.
Debian Shadow 1\\
NA
CVE-2008-5394
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.
Debian Shadow 4.0.18.1
1 EDB exploit
NA
CVE-2006-1174
useradd in shadow-utils prior to 4.0.3, and possibly other versions prior to 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows malicious user...
Debian Shadow 4.0.6
Debian Shadow
Debian Shadow 4.0.0
Debian Shadow 4.0.1
Debian Shadow 4.0.4.1
Debian Shadow 4.0.5
Debian Shadow 4.0.2
Debian Shadow 4.0.4
NA
CVE-2006-1844
The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.
Debian Shadow 4.0.14
Debian Base-config 2.53.10
NA
CVE-2004-1001
Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions prior to 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled.
Debian Shadow 4.0.4.1
NA
CVE-2001-0169
When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.
Mandrakesoft Mandrake Linux Corporate Server 1.0.1
Redhat Linux 6.0
Redhat Linux 6.2
Mandrakesoft Mandrake Linux 6.1
Mandrakesoft Mandrake Linux 7.0
Redhat Linux 6.1
Turbolinux Turbolinux
Mandrakesoft Mandrake Linux 7.1
Mandrakesoft Mandrake Linux 7.2
Mandrakesoft Mandrake Linux 6.0
Trustix Secure Linux 1.1
Trustix Secure Linux 1.2
Turbolinux Turbolinux 6.1
1 EDB exploit
NA
CVE-2000-0513
CUPS (Common Unix Printing System) 1.04 and previous versions allows remote malicious users to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password.
Debian Debian Linux 2.2
Debian Debian Linux 2.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6