Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 25 results


CVE-2023-4641

Low priority

Some fixes available 6 of 7

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may...

1 affected packages

shadow

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shadow Not affected Fixed Fixed Fixed Fixed
Show less packages

CVE-2023-29383

Low priority
Vulnerable

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the...

1 affected packages

shadow

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shadow Not affected Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2017-20002

Medium priority
Not affected

The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by...

1 affected packages

shadow

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shadow Not affected Not affected Not affected
Show less packages

CVE-2019-19882

Medium priority
Not affected

shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled...

1 affected packages

shadow

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shadow Not affected Not affected
Show less packages

CVE-2019-5152

Medium priority
Needs evaluation

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound...

1 affected packages

shadowsocks-libev

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shadowsocks-libev Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
Show less packages

CVE-2019-5164

Medium priority
Needs evaluation

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and...

1 affected packages

shadowsocks-libev

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shadowsocks-libev Not affected Not affected Not affected Needs evaluation Not in release
Show less packages

CVE-2019-5163

Medium priority
Needs evaluation

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit....

1 affected packages

shadowsocks-libev

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shadowsocks-libev Not affected Not affected Not affected Needs evaluation Not in release
Show less packages

CVE-2013-4235

Low priority

Some fixes available 2 of 20

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

1 affected packages

shadow

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shadow Not affected Fixed Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2005-4890

Low priority
Ignored

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input...

2 affected packages

shadow, sudo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shadow Not affected Not affected Not affected
sudo Not affected Not affected Not affected
Show less packages

CVE-2018-7169

Low priority

Some fixes available 3 of 7

An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a...

1 affected packages

shadow

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shadow Not affected Not affected Fixed Fixed
Show less packages