VYPR
Vendor

Shadow Project

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2017-12424CriAug 4, 2017
    risk 0.64cvss 9.8epss 0.03

    In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege…

  • CVE-2016-6252HigFeb 17, 2017
    risk 0.51cvss 7.8epss 0.00

    Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.

  • CVE-2023-4641Dec 27, 2023
    risk 0.00cvss epss 0.00

    A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve…