Astra Linux - уязвимость в shadow

Shadow: TOCTOU time-of-check time-of-use race condition when copying and removing directory trees...

Astra Linux – Vulnerability in Shadow

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly for example, adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file...

EUVD-2025-208539

Tenda i24V3.0si V3.0.0.5 Firmware V3.0.0.5 was discovered to contain a hardcoded password vulnerability in /etcro/shadow, which allows attackers to log in as root...

PT-2026-24431

Name of the Vulnerable Software and Affected Versions Tenda i24V3.0si version 3.0.0.5 Description The firmware contains a hardcoded password, allowing attackers to log in as root. The hardcoded password is located in the '/etc ro/shadow' file. Recommendations Update to a newer version that...

EUVD-2018-18911

Malware in sbrugna...

EUVD-2005-4881

Malware in sbrugna...

EUVD-2016-7182

Malware in sbrugna...

CVE-2025-24765 WordPress Image Shadow plugin <= 1.1.0 - Arbitrary File Deletion Vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in RobMarsh Image Shadow image-shadow allows Path Traversal.This issue affects Image Shadow: from n/a through = 1.1.0...

CVE-2017-20002

The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH hence bypassing PAM's nulloksecure configuration. Thi...

Photon OS 4.0: Shadow PHSA-2023-4.0-0536

An update of the shadow package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0536. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

USN-6640-1 shadow vulnerability

It was discovered that shadow was not properly sanitizing memory when running the password utility. An attacker could possibly use this issue to retrieve a password from memory, exposing sensitive information...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : shadow vulnerability (USN-6640-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6640-1 advisory. It was discovered that shadow was not properly sanitizing memory when running the password utility. An...

SUSE-SU-2023:2069-1 Security update for shadow

This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn bsc1210507...

SUSE-SU-2023:2066-1 Security update for shadow

This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn bsc1210507...

shadow 安全漏洞

shadow is a suite of tools used to maintain Debian systems. A security vulnerability exists in shadow, which stems from the presence of some unknown functionality in the program, resulting in a denial of service...

SUSE CVE-2005-4890

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process...

USN-5745-1 shadow vulnerability

Florian Weimer discovered that shadow was not properly copying and removing user directory trees, which could lead to a race condition. A local attacker could possibly use this issue to setup a symlink attack and alter or remove directories without authorization...

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : shadow vulnerability (USN-5745-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5745-1 advisory. Florian Weimer discovered that shadow was not properly copying and removing user directory trees, which could lead to a race...

USN-5254-1 shadow vulnerabilities

It was discovered that shadow incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. CVE-2017-12424 It was discovered that shadow incorrectly handled certain...

The vulnerability of the etc/shadow microprogramming software components of Cisco Small Business RV016, RV042, RV042G, and RV082 allows a hacker to elevate their privileges to the level of root or lldpd.

The vulnerability of the etc/shadow microprogramming software components of Cisco Small Business RV016, RV042, RV042G, and RV082 is related to the presence of embedded authentication data. Exploiting this vulnerability can allow an attacker to elevate their privileges to the level of root or lldp...