Skip to main content

Shadow

7 CVEs product

Monthly

CVE-2023-29383 LOW POC PATCH Monitor

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Shadow
NVD GitHub
CVSS 3.1
3.3
EPSS
0.4%
CVE-2019-19882 HIGH POC PATCH This Week

shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Shadow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-16110 HIGH This Week

The network protocol of Blade Shadow though 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Shadow
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2018-16588 HIGH This Week

Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Shadow
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-7169 MEDIUM POC This Month

An issue was discovered in shadow 4.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Shadow
NVD
CVSS 3.0
5.3
EPSS
1.6%
CVE-2017-12424 CRITICAL PATCH Act Now

In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Shadow Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2016-6252 HIGH PATCH This Week

Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow Shadow
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
EPSS 0% CVSS 3.3
LOW POC PATCH Monitor

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Shadow
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Shadow
NVD GitHub
EPSS 2% CVSS 8.1
HIGH This Week

The network protocol of Blade Shadow though 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Shadow
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Shadow
NVD
EPSS 2% CVSS 5.3
MEDIUM POC This Month

An issue was discovered in shadow 4.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Shadow
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Shadow Debian Linux
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow Shadow
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy