Vulnerabilities > Debian > Shadow > High

DATE CVE VULNERABILITY TITLE RISK
2021-03-17 CVE-2017-20002 Improper Privilege Management vulnerability in Debian Linux and Shadow
The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty.
local
low complexity
debian CWE-269
7.8
2019-11-04 CVE-2005-4890 Improper Input Validation vulnerability in multiple products
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program".
local
low complexity
sudo-project debian redhat CWE-20
7.8