Vulnerabilities > Debian > Shadow

DATE CVE VULNERABILITY TITLE RISK
2021-03-17 CVE-2017-20002 Improper Privilege Management vulnerability in Debian Linux and Shadow
The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty.
local
low complexity
debian CWE-269
7.8
2019-12-03 CVE-2013-4235 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
local
high complexity
debian fedoraproject redhat CWE-367
4.7
2019-11-04 CVE-2005-4890 Improper Input Validation vulnerability in multiple products
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program".
local
low complexity
sudo-project debian redhat CWE-20
7.8