57 matches found
CLSA-2026-1779354447 shadow-utils: Fix of CVE-2023-4641
CVE-2023-4641: fix password leak in gpasswd...
CLSA-2026-1779267466 shadow-utils: Fix of CVE-2023-4641
CVE-2023-4641: fix password leak in gpasswd...
shadow-utils: Fix of CVE-2017-12424
CVE-2017-12424: fix heap buffer overflow in commoniosort when an entry has a NULL line...
CLSA-2026-1777947090 shadow-utils: Fix of CVE-2017-12424
CVE-2017-12424: fix heap buffer overflow in commoniosort when an entry has a NULL line...
Astra Linux - уязвимость в shadow
A flaw was discovered in shadow-utils. When requesting a new password, shadow-utils asks for the password twice. If the password is incorrect on the second attempt, shadow-utils fails in clearing the buffer used to store the first entry. This may allow an attacker with sufficient access to retrie...
Security Bulletin: Multiple Vulnerabilities in Hyper-Converged Database
Summary Multiple vulnerabilities were addressed in Hyper-Converged Database version 1.2.5 Vulnerability Details CVEID:CVE-2024-56433 DESCRIPTION: shadow-utils aka shadow 4.4 through 4.17.0 establishes a default /etc/subuid behavior e.g., uid 100000 through 165535 for the first user account that c...
SUSE CVE-2024-56433
shadow-utils aka shadow 4.4 through 4.17.0 establishes a default /etc/subuid behavior e.g., uid 100000 through 165535 for the first user account that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by...
MiracleLinux 9 : shadow-utils-4.9-8.el9 (AXSA:2023-6622:03)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6622:03 advisory. shadow-utils: possible password leak during passwd1 change CVE-2023-4641 Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 8 : shadow-utils-4.6-19.el8 (AXSA:2023-7078:04)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-7078:04 advisory. shadow-utils: possible password leak during passwd1 change CVE-2023-4641 Tenable has extracted the preceding description block directly from the MiracleLinux...
Siemens Ruggedcom ROX Incorrect Implementation of Authentication Algorithm (CVE-2023-4641)
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from...
Oracle Linux 10 : ELSA-2025-20145-0: / shadow-utils (ELSA-2025-201450)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-201450 advisory. 2:4.15.0-8 - vipw: restore the original terminal pgrp after editing. Resolves: RHEL-93172 Tenable has extracted the preceding description block directly from...
RLSA-2025:20145 Low: shadow-utils security update
The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user and group accounts. Security Fixes: shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise CVE-2024-56433 For...
shadow-utils security update
An update is available for shadow-utils. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The shadow-utils packages include programs for converting UNIX password...
RockyLinux 10 : shadow-utils (RLSA-2025:20145)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:20145 advisory. shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise CVE-2024-56433 Tenable has extracted the preceding description...
Oracle Linux 9 : ELSA-2025-20559-0: / shadow-utils (ELSA-2025-205590)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-205590 advisory. 2:4.9-15 - nss.c: shadowlogfd to stderr. Resolves: RHEL-83431 - vipw: restore the original terminal pgrp after editing. Resolves: RHEL-70844 and RHEL-72940...
AlmaLinux 10 : shadow-utils (ALSA-2025:20145)
The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:20145 advisory. shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise CVE-2024-56433 Tenable has extracted the preceding description blo...
RockyLinux 9 : shadow-utils (RLSA-2025:20559)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:20559 advisory. shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise CVE-2024-56433 Tenable has extracted the preceding description blo...
shadow-utils security update
An update is available for shadow-utils. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The shadow-utils packages include programs for converting UNIX password...
RLSA-2025:20559 Low: shadow-utils security update
The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user and group accounts. Security Fixes: shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise CVE-2024-56433 For...
AlmaLinux 9 : shadow-utils (ALSA-2025:20559)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:20559 advisory. shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise CVE-2024-56433 Tenable has extracted the preceding description bloc...