Every CVE whose affected-product data names Debian Shadow, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2017-20002 — CVSS 7.8 (high): The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows…
CVE-2005-4890 — CVSS 7.8 (high): There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be…
CVE-2008-5394 — CVSS 7.2 (high): /bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to…
CVE-2011-0721 — CVSS 6.4 (medium): Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to…
CVE-2013-4235 — CVSS 4.7 (medium): shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
CVE-2004-1001 — CVSS 4.6 (medium): Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to…
CVE-2006-1174 — CVSS 3.7 (low): useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function…
CVE-2006-1844 — CVSS 2.1 (low): The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log…