Vulnerabilities > Shadow Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-14 | CVE-2023-29383 | Injection vulnerability in Shadow Project Shadow 4.13 In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). | 3.3 |
2019-12-18 | CVE-2019-19882 | Incorrect Permission Assignment for Critical Resource vulnerability in Shadow Project Shadow 4.8 shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. | 7.8 |
2018-02-15 | CVE-2018-7169 | Incorrect Permission Assignment for Critical Resource vulnerability in Shadow Project Shadow 4.5 An issue was discovered in shadow 4.5. | 5.3 |
2017-08-04 | CVE-2017-12424 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. | 9.8 |
2017-02-17 | CVE-2016-6252 | Integer Overflow or Wraparound vulnerability in Shadow Project Shadow 4.2.1 Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. | 7.8 |