CVE & Exploit Intelligence Database

Updated 2h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,847 CVEs tracked 53,242 with exploits 4,725 exploited in wild 1,540 CISA KEV 3,918 Nuclei templates 37,802 vendors 42,493 researchers

9 results Clear all

CVE-2017-20002 7.8 HIGH EPSS 0.00

Debian shadow <4.5-1 - Privilege Escalation

The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges.

CWE-269 Mar 17, 2021

CVE-2013-4235 4.7 MEDIUM EPSS 0.00

Debian Shadow - TOCTOU Race Condition

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

CWE-367 Dec 03, 2019

CVE-2005-4890 7.8 HIGH EPSS 0.00

Shadow <4.1.5, Sudo <1.7.4 - Privilege Escalation

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.

CWE-20 Nov 04, 2019

CVE-2017-12424 9.8 CRITICAL 1 Writeup EPSS 0.01

Shadow <4.5 - Memory Corruption

In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.

CWE-119 Aug 04, 2017

CVE-2011-0721 EPSS 0.01

Debian Shadow - Improper Input Validation

Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.

CWE-20 Feb 19, 2011

CVE-2008-5394 1 PoC Analysis EPSS 0.00

Debian GNU/Linux - Local Privilege Escalation

/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.

CWE-59 Dec 09, 2008

CVE-2006-1174 EPSS 0.00

shadow-utils <4.0.3-4.0.8 - Info Disclosure

useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.

CWE-264 May 28, 2006

CVE-2006-1844 EPSS 0.00

Debian Installer - Info Disclosure

The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.

CVE-2004-1001 EPSS 0.00

Shadow <4.0.5 - Privilege Escalation

Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled.