Vulnerabilities > Debian > Shadow > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-17 CVE-2017-20002 Improper Privilege Management vulnerability in Debian Linux and Shadow
The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty.
local
low complexity
debian CWE-269
4.6
2019-12-03 CVE-2013-4235 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
local
high complexity
debian fedoraproject redhat CWE-367
4.7
2011-02-19 CVE-2011-0721 Improper Input Validation vulnerability in Debian Shadow 1:4.1.4
Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.
network
low complexity
debian CWE-20
6.4
2005-03-01 CVE-2004-1001 Unspecified vulnerability in Debian Shadow 4.0.4.1
Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled.
local
low complexity
debian
4.6