CVE-2025-2921

A vulnerability classified as critical has been found in Netis WF-2404 1.1.124EN. Affected is an unknown function of the file /etc/passwd. The manipulation with the input Realtek leads to use of default password. It is possible to launch the attack on the physical device. The complexity of an...

SUSE SLES12 Security Update : shadow (SUSE-SU-2023:2069-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2069-1 advisory. - In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is no...

CVE-2022-4318

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable...

Path traversal

A vulnerability was found in Simplessus 3.7.7. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument path with the input ..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd leads to path traversal. The...

CVE-2011-0721

Multiple CRLF injection vulnerabilities in 1 chfn and 2 chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field...