Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
debian shadow - vulnerabilities and exploits
(subscribe to this query)
3.7
CVSSv2
CVE-2006-1174
useradd in shadow-utils prior to 4.0.3, and possibly other versions prior to 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows malicious user...
Debian Shadow 4.0.6
Debian Shadow
Debian Shadow 4.0.0
Debian Shadow 4.0.1
Debian Shadow 4.0.4.1
Debian Shadow 4.0.5
Debian Shadow 4.0.2
Debian Shadow 4.0.4
7.5
CVSSv2
CVE-2017-12424
In shadow prior to 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege bound...
Shadow Project Shadow
Debian Debian Linux 9.0
4.6
CVSSv2
CVE-2004-1001
Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions prior to 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled.
Debian Shadow 4.0.4.1
6.4
CVSSv2
CVE-2011-0721
Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.
Debian Shadow 1\\
7.2
CVSSv2
CVE-2008-5394
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.
Debian Shadow 4.0.18.1
1 EDB exploit
4.6
CVSSv2
CVE-2017-20002
The Debian shadow package prior to 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok...
Debian Shadow 4.4
Debian Debian Linux 9.0
2.1
CVSSv2
CVE-2006-1844
The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.
Debian Shadow 4.0.14
Debian Base-config 2.53.10
3.3
CVSSv2
CVE-2013-4235
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
Debian Shadow -
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 17
Fedoraproject Fedora 16
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 5
7.2
CVSSv2
CVE-2005-4890
There is a possible tty hijacking in shadow 4.x prior to 4.1.5 and sudo 1.x prior to 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next proces...
Debian Shadow
Sudo Project Sudo
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Enterprise Linux 5
Redhat Enterprise Linux 4
Redhat Enterprise Linux 6.0
2 Github repositories
5
CVSSv2
CVE-2000-0513
CUPS (Common Unix Printing System) 1.04 and previous versions allows remote malicious users to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password.
Debian Debian Linux 2.2
Debian Debian Linux 2.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886
insecure direct object reference
CVE-2024-34342
file inclusion
CVE-2024-34562
CVE-2024-34347
CVE-2024-26026
CVE-2024-4647
unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »