109 matches found
Astra Linux - уязвимость в shadow
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly for example, adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file...
Siemens SIMATIC S7-1500 Generation of Error Message Containing Sensitive Information (CVE-2022-0563)
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an INPUTRC environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the...
Siemens SIMATIC S7-1500 and Ruggedcom ROX Devices Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-2023-29383)
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly e.g., adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file when...
JLSEC-2025-191 A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from t...
EUVD-2011-1935
Malware in sbrugna...
EUVD-1999-1070
Malware in sbrugna...
EUVD-2022-15682
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-0563
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an INPUTRC environment variable to get...
Linux Distros Unpatched Vulnerability : CVE-2023-29383
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit...
Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2024-1757)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2024:0939-1 Security update for shadow
This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn bsc1210507. The following non-security bugs were fixed: - bsc1176006: Fix chage date miscalculation - bsc1188307: Fix passwd segfault - bsc1203823: Remove pamkeyinit from PAM conf...
EulerOS 2.0 SP11 : shadow (EulerOS-SA-2023-2710)
According to the versions of the shadow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not...
GLSA-202401-08 : util-linux: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202401-08 util-linux: Multiple Vulnerabilities - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local...
SUSE CVE-2015-3245
Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service /etc/passwd corruption via a newline character in the GECOS field...
Huawei EulerOS: Security Advisory for shadow (EulerOS-SA-2023-2549)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 2.10.1 : shadow (EulerOS-SA-2023-2549)
According to the versions of the shadow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although ...
EulerOS Virtualization 2.10.0 : shadow (EulerOS-SA-2023-2568)
According to the versions of the shadow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although ...
EulerOS Virtualization 2.9.1 : shadow (EulerOS-SA-2023-2519)
According to the versions of the shadow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although ...
EulerOS Virtualization 2.9.0 : shadow (EulerOS-SA-2023-2532)
According to the versions of the shadow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although ...
EulerOS 2.0 SP10 : shadow (EulerOS-SA-2023-2368)
According to the versions of the shadow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not...