Every CVE whose affected-product data names Shadow Project Shadow, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2017-12424 — CVSS 9.8 (critical): In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed…
CVE-2016-6252 — CVSS 7.8 (high): Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.
CVE-2019-19882 — CVSS 7.8 (high): shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access…
CVE-2018-7169 — CVSS 5.3 (medium): An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user…
CVE-2023-29383 — CVSS 3.3 (low): In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is…