400 matches found
Security update for apparmor
This update for apparmor fixes the following issues: Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. bsc1241678 Patch Instructions: To install this SUSE update use the SUSE...
Rpm-ostree: world-readable /etc/shadow file
...
CVE-2024-22085
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable...
CVE-2024-51431
LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable...
CVE-2021-45043
HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang sLanguage parameter...
CVE-2020-13859
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management interfac...
eCharge Hardy Barth cPH2和eCharge Hardy Barth cPP2 安全漏洞
The eCharge Hardy Barth cPH2 and eCharge Hardy Barth cPP2 are both an electric vehicle charging station from eCharge. A security vulnerability exists in the eCharge Hardy Barth cPH2 and eCharge Hardy Barth cPP2 that stems from the /etc/shadow file containing hard-coded entries for the root user,...
eCharge Hardy Barth cPH2和eCharge Hardy Barth cPP2 安全漏洞
The eCharge Hardy Barth cPH2 and eCharge Hardy Barth cPP2 are both an electric vehicle charging station from eCharge. A security vulnerability exists in the eCharge Hardy Barth cPH2 and eCharge Hardy Barth cPP2 that stems from the fact that the /etc/passwd and /etc/shadow files contain hard-coded...
rpm-ostree: world-readable /etc/shadow file
A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication da...
SUSE SLES15 Security Update : apparmor (SUSE-SU-2025:1512-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1512-1 advisory. - Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the...
Security update for apparmor
This update for apparmor fixes the following issues: Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. bsc1241678 Patch Instructions: To install this SUSE update use the SUSE...
SUSE-SU-2025:1517-1 Security update for apparmor
This update for apparmor fixes the following issues: - Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. bsc1241678...
Security update for apparmor
This update for apparmor fixes the following issues: Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. bsc1241678 Patch Instructions: To install this SUSE update use the SUSE...
Security update for apparmor
This update for apparmor fixes the following issues: Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. bsc1241678 Patch Instructions: To install this SUSE update use the SUSE...
Security update for apparmor
This update for apparmor fixes the following issues: Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. bsc1241678 Patch Instructions: To install this SUSE update use the SUSE...
SUSE-SU-2025:1505-1 Security update for apparmor
This update for apparmor fixes the following issues: - Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. bsc1241678...
Ensure That User Group and Password File Permissions Are Correct
In the Linux OS-related information, such as users, passwords, and user groups, is recorded in the configuration files in the /etc directory. Proper permissions must be set for accessing these files. Otherwise, the files may be stolen or tampered with by attackers. The owner and owner group of...
The vulnerability of the /etc/shadow file in TOTOLINK CA300-PoE router microprogramming software allows a hacker to disclose protected information.
The vulnerability of the /etc/shadow file in TOTOLINK CA300-PoE router microprogramming systems is related to the use of strictly encrypted login credentials. Exploiting this vulnerability could allow an attacker to disclose the protected information...
CVE-2025-27591
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow...
pam: libpam: Libpam vulnerable to read hashed password
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...