Vulnerabilities > Debian > Shadow > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-17 | CVE-2017-20002 | Improper Privilege Management vulnerability in Debian Linux and Shadow The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. | 4.6 |
| 2019-12-03 | CVE-2013-4235 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees | 4.7 |
| 2011-02-19 | CVE-2011-0721 | Improper Input Validation vulnerability in Debian Shadow 1:4.1.4 Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field. | 6.4 |
| 2005-03-01 | CVE-2004-1001 | Unspecified vulnerability in Debian Shadow 4.0.4.1 Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled. | 4.6 |