Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/shadow@980403-0.3
Typedeb
Namespacedebian
Nameshadow
Version980403-0.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1:4.13+dfsg1-1+deb12u2
Latest_non_vulnerable_version1:4.13+dfsg1-1+deb12u2
Affected_by_vulnerabilities
0
url VCID-2b4p-nehx-eyae
vulnerability_id VCID-2b4p-nehx-eyae
summary coreutils: tty hijacking possible in "su" via TIOCSTI ioctl
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-4890.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-4890.json
1
reference_url https://access.redhat.com/security/cve/cve-2005-4890
reference_id
reference_type
scores
url https://access.redhat.com/security/cve/cve-2005-4890
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2005-4890
reference_id
reference_type
scores
0
value 0.00135
scoring_system epss
scoring_elements 0.33203
published_at 2026-04-18T12:55:00Z
1
value 0.00135
scoring_system epss
scoring_elements 0.33185
published_at 2026-04-13T12:55:00Z
2
value 0.00135
scoring_system epss
scoring_elements 0.33226
published_at 2026-04-16T12:55:00Z
3
value 0.00135
scoring_system epss
scoring_elements 0.33176
published_at 2026-04-01T12:55:00Z
4
value 0.00135
scoring_system epss
scoring_elements 0.33304
published_at 2026-04-02T12:55:00Z
5
value 0.00135
scoring_system epss
scoring_elements 0.33336
published_at 2026-04-04T12:55:00Z
6
value 0.00135
scoring_system epss
scoring_elements 0.33169
published_at 2026-04-07T12:55:00Z
7
value 0.00135
scoring_system epss
scoring_elements 0.33212
published_at 2026-04-08T12:55:00Z
8
value 0.00135
scoring_system epss
scoring_elements 0.33246
published_at 2026-04-09T12:55:00Z
9
value 0.00135
scoring_system epss
scoring_elements 0.33249
published_at 2026-04-11T12:55:00Z
10
value 0.00135
scoring_system epss
scoring_elements 0.33209
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2005-4890
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2005-4890
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2005-4890
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4890
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4890
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:N/C:C/I:C/A:C
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://security-tracker.debian.org/tracker/CVE-2005-4890
reference_id
reference_type
scores
url https://security-tracker.debian.org/tracker/CVE-2005-4890
7
reference_url http://www.openwall.com/lists/oss-security/2012/11/06/8
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/11/06/8
8
reference_url http://www.openwall.com/lists/oss-security/2013/05/20/3
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/05/20/3
9
reference_url http://www.openwall.com/lists/oss-security/2013/11/28/10
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/11/28/10
10
reference_url http://www.openwall.com/lists/oss-security/2013/11/29/5
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/11/29/5
11
reference_url http://www.openwall.com/lists/oss-security/2014/10/20/9
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2014/10/20/9
12
reference_url http://www.openwall.com/lists/oss-security/2014/10/21/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2014/10/21/1
13
reference_url http://www.openwall.com/lists/oss-security/2014/12/15/5
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2014/12/15/5
14
reference_url http://www.openwall.com/lists/oss-security/2016/02/25/6
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2016/02/25/6
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628843
reference_id 628843
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628843
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657784
reference_id 657784
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657784
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=710208
reference_id 710208
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=710208
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:debian:shadow:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:debian:shadow:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:debian:shadow:*:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/detail/CVE-2005-4890
reference_id CVE-2005-4890
reference_type
scores
0
value 7.2
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:C/I:C/A:C
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2005-4890
fixed_packages
0
url pkg:deb/debian/shadow@1:4.1.5.1-1
purl pkg:deb/debian/shadow@1:4.1.5.1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-74yx-3zfw-w7f2
1
vulnerability VCID-a5ny-vcsw-uqh1
2
vulnerability VCID-bcx3-q456-w7ad
3
vulnerability VCID-cabd-74q6-kug2
4
vulnerability VCID-m3za-mkkw-p7e2
5
vulnerability VCID-m4sf-znhe-gubc
6
vulnerability VCID-mp2r-dfng-27ew
7
vulnerability VCID-r9a4-2dw5-4bgq
8
vulnerability VCID-ueu4-n6bt-xfat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.1.5.1-1
aliases CVE-2005-4890
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2b4p-nehx-eyae
1
url VCID-2bqp-dcbv-9yer
vulnerability_id VCID-2bqp-dcbv-9yer
summary passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-3378.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-3378.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2006-3378
reference_id
reference_type
scores
0
value 0.00056
scoring_system epss
scoring_elements 0.17372
published_at 2026-04-16T12:55:00Z
1
value 0.00056
scoring_system epss
scoring_elements 0.17539
published_at 2026-04-02T12:55:00Z
2
value 0.00056
scoring_system epss
scoring_elements 0.17585
published_at 2026-04-04T12:55:00Z
3
value 0.00056
scoring_system epss
scoring_elements 0.17366
published_at 2026-04-07T12:55:00Z
4
value 0.00056
scoring_system epss
scoring_elements 0.17458
published_at 2026-04-08T12:55:00Z
5
value 0.00056
scoring_system epss
scoring_elements 0.17518
published_at 2026-04-09T12:55:00Z
6
value 0.00056
scoring_system epss
scoring_elements 0.17531
published_at 2026-04-11T12:55:00Z
7
value 0.00056
scoring_system epss
scoring_elements 0.17482
published_at 2026-04-12T12:55:00Z
8
value 0.00056
scoring_system epss
scoring_elements 0.17429
published_at 2026-04-13T12:55:00Z
9
value 0.00056
scoring_system epss
scoring_elements 0.17381
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2006-3378
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3378
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3378
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=379174
reference_id 379174
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=379174
4
reference_url https://usn.ubuntu.com/308-1/
reference_id USN-308-1
reference_type
scores
url https://usn.ubuntu.com/308-1/
fixed_packages
0
url pkg:deb/debian/shadow@1:4.0.18.1-7
purl pkg:deb/debian/shadow@1:4.0.18.1-7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2b4p-nehx-eyae
1
vulnerability VCID-3wz1-hz4q-rqh5
2
vulnerability VCID-74yx-3zfw-w7f2
3
vulnerability VCID-a5ny-vcsw-uqh1
4
vulnerability VCID-bcx3-q456-w7ad
5
vulnerability VCID-cabd-74q6-kug2
6
vulnerability VCID-m3za-mkkw-p7e2
7
vulnerability VCID-m4sf-znhe-gubc
8
vulnerability VCID-mp2r-dfng-27ew
9
vulnerability VCID-r9a4-2dw5-4bgq
10
vulnerability VCID-ueu4-n6bt-xfat
11
vulnerability VCID-zbq9-jt94-ckhd
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.0.18.1-7
aliases CVE-2006-3378
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2bqp-dcbv-9yer
2
url VCID-3wz1-hz4q-rqh5
vulnerability_id VCID-3wz1-hz4q-rqh5
summary 
An insecure temporary file usage in Shadow may allow local users to gain
    root privileges.
references
0
reference_url http://bugs.debian.org/332198
reference_id
reference_type
scores
url http://bugs.debian.org/332198
1
reference_url http://bugs.debian.org/505071
reference_id
reference_type
scores
url http://bugs.debian.org/505071
2
reference_url http://bugs.debian.org/505271
reference_id
reference_type
scores
url http://bugs.debian.org/505271
3
reference_url http://osvdb.org/52200
reference_id
reference_type
scores
url http://osvdb.org/52200
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5394.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5394.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-5394
reference_id
reference_type
scores
0
value 0.00083
scoring_system epss
scoring_elements 0.24326
published_at 2026-04-18T12:55:00Z
1
value 0.00083
scoring_system epss
scoring_elements 0.24346
published_at 2026-04-01T12:55:00Z
2
value 0.00083
scoring_system epss
scoring_elements 0.24472
published_at 2026-04-02T12:55:00Z
3
value 0.00083
scoring_system epss
scoring_elements 0.24506
published_at 2026-04-04T12:55:00Z
4
value 0.00083
scoring_system epss
scoring_elements 0.24289
published_at 2026-04-07T12:55:00Z
5
value 0.00083
scoring_system epss
scoring_elements 0.24357
published_at 2026-04-08T12:55:00Z
6
value 0.00083
scoring_system epss
scoring_elements 0.24401
published_at 2026-04-09T12:55:00Z
7
value 0.00083
scoring_system epss
scoring_elements 0.24417
published_at 2026-04-11T12:55:00Z
8
value 0.00083
scoring_system epss
scoring_elements 0.24375
published_at 2026-04-12T12:55:00Z
9
value 0.00083
scoring_system epss
scoring_elements 0.24319
published_at 2026-04-13T12:55:00Z
10
value 0.00083
scoring_system epss
scoring_elements 0.24336
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-5394
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5394
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5394
7
reference_url http://security.gentoo.org/glsa/glsa-200903-24.xml
reference_id
reference_type
scores
url http://security.gentoo.org/glsa/glsa-200903-24.xml
8
reference_url http://securityreason.com/securityalert/4695
reference_id
reference_type
scores
url http://securityreason.com/securityalert/4695
9
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/47037
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/47037
10
reference_url https://www.exploit-db.com/exploits/7313
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/7313
11
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2009:062
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2009:062
12
reference_url http://www.securityfocus.com/archive/1/498769/100/0/threaded
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/498769/100/0/threaded
13
reference_url http://www.securityfocus.com/bid/32552
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/32552
14
reference_url http://www.ubuntu.com/usn/usn-695-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/usn-695-1
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505271
reference_id 505271
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505271
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:debian:shadow:4.0.18.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:debian:shadow:4.0.18.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:debian:shadow:4.0.18.1:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2008-5394
reference_id CVE-2008-5394
reference_type
scores
0
value 7.2
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:C/I:C/A:C
url https://nvd.nist.gov/vuln/detail/CVE-2008-5394
18
reference_url https://security.gentoo.org/glsa/200903-24
reference_id GLSA-200903-24
reference_type
scores
url https://security.gentoo.org/glsa/200903-24
19
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/7313.sh
reference_id OSVDB-50651;CVE-2008-5394
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/7313.sh
20
reference_url https://usn.ubuntu.com/695-1/
reference_id USN-695-1
reference_type
scores
url https://usn.ubuntu.com/695-1/
fixed_packages
0
url pkg:deb/debian/shadow@1:4.1.1-6%2Blenny1
purl pkg:deb/debian/shadow@1:4.1.1-6%2Blenny1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2b4p-nehx-eyae
1
vulnerability VCID-74yx-3zfw-w7f2
2
vulnerability VCID-a5ny-vcsw-uqh1
3
vulnerability VCID-bcx3-q456-w7ad
4
vulnerability VCID-cabd-74q6-kug2
5
vulnerability VCID-m3za-mkkw-p7e2
6
vulnerability VCID-m4sf-znhe-gubc
7
vulnerability VCID-mp2r-dfng-27ew
8
vulnerability VCID-r9a4-2dw5-4bgq
9
vulnerability VCID-ueu4-n6bt-xfat
10
vulnerability VCID-zbq9-jt94-ckhd
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.1.1-6%252Blenny1
aliases CVE-2008-5394
risk_score 10.0
exploitability 2.0
weighted_severity 6.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3wz1-hz4q-rqh5
3
url VCID-74yx-3zfw-w7f2
vulnerability_id VCID-74yx-3zfw-w7f2
summary 
A vulnerability found in Shadow may allow local attackers to bypass
    security restrictions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7169.json
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7169.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7169
reference_id
reference_type
scores
0
value 0.00214
scoring_system epss
scoring_elements 0.43958
published_at 2026-04-18T12:55:00Z
1
value 0.00214
scoring_system epss
scoring_elements 0.43935
published_at 2026-04-09T12:55:00Z
2
value 0.00214
scoring_system epss
scoring_elements 0.43952
published_at 2026-04-11T12:55:00Z
3
value 0.00214
scoring_system epss
scoring_elements 0.4392
published_at 2026-04-12T12:55:00Z
4
value 0.00214
scoring_system epss
scoring_elements 0.43905
published_at 2026-04-13T12:55:00Z
5
value 0.00214
scoring_system epss
scoring_elements 0.43966
published_at 2026-04-16T12:55:00Z
6
value 0.00239
scoring_system epss
scoring_elements 0.4697
published_at 2026-04-01T12:55:00Z
7
value 0.00239
scoring_system epss
scoring_elements 0.47007
published_at 2026-04-02T12:55:00Z
8
value 0.00239
scoring_system epss
scoring_elements 0.47025
published_at 2026-04-04T12:55:00Z
9
value 0.00239
scoring_system epss
scoring_elements 0.46973
published_at 2026-04-07T12:55:00Z
10
value 0.00239
scoring_system epss
scoring_elements 0.47028
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7169
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1546241
reference_id 1546241
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1546241
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890557
reference_id 890557
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890557
6
reference_url https://security.gentoo.org/glsa/201805-09
reference_id GLSA-201805-09
reference_type
scores
url https://security.gentoo.org/glsa/201805-09
7
reference_url https://usn.ubuntu.com/5254-1/
reference_id USN-5254-1
reference_type
scores
url https://usn.ubuntu.com/5254-1/
fixed_packages
0
url pkg:deb/debian/shadow@1:4.8.1-1
purl pkg:deb/debian/shadow@1:4.8.1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bcx3-q456-w7ad
1
vulnerability VCID-m3za-mkkw-p7e2
2
vulnerability VCID-shuq-ufcc-ruf5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.8.1-1
aliases CVE-2018-7169
risk_score 2.0
exploitability 0.5
weighted_severity 4.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-74yx-3zfw-w7f2
4
url VCID-a5ny-vcsw-uqh1
vulnerability_id VCID-a5ny-vcsw-uqh1
summary 
Multiple vulnerabilities have been found in Shadow, the worst of
    which might allow privilege escalation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2616.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2616.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2616
reference_id
reference_type
scores
0
value 0.00062
scoring_system epss
scoring_elements 0.19196
published_at 2026-04-18T12:55:00Z
1
value 0.00062
scoring_system epss
scoring_elements 0.19295
published_at 2026-04-01T12:55:00Z
2
value 0.00062
scoring_system epss
scoring_elements 0.19429
published_at 2026-04-02T12:55:00Z
3
value 0.00062
scoring_system epss
scoring_elements 0.19477
published_at 2026-04-04T12:55:00Z
4
value 0.00062
scoring_system epss
scoring_elements 0.19195
published_at 2026-04-07T12:55:00Z
5
value 0.00062
scoring_system epss
scoring_elements 0.19273
published_at 2026-04-08T12:55:00Z
6
value 0.00062
scoring_system epss
scoring_elements 0.19325
published_at 2026-04-09T12:55:00Z
7
value 0.00062
scoring_system epss
scoring_elements 0.1933
published_at 2026-04-11T12:55:00Z
8
value 0.00062
scoring_system epss
scoring_elements 0.19282
published_at 2026-04-12T12:55:00Z
9
value 0.00062
scoring_system epss
scoring_elements 0.19227
published_at 2026-04-13T12:55:00Z
10
value 0.00062
scoring_system epss
scoring_elements 0.19187
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2616
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6252
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6252
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616
4
reference_url http://www.securitytracker.com/id/1038271
reference_id 1038271
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:36Z/
url http://www.securitytracker.com/id/1038271
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1418710
reference_id 1418710
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1418710
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855943
reference_id 855943
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855943
7
reference_url http://www.securityfocus.com/bid/96404
reference_id 96404
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:36Z/
url http://www.securityfocus.com/bid/96404
8
reference_url https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891
reference_id dffab154d29a288aa171ff50263ecc8f2e14a891
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:36Z/
url https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891
9
reference_url https://www.debian.org/security/2017/dsa-3793
reference_id dsa-3793
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:36Z/
url https://www.debian.org/security/2017/dsa-3793
10
reference_url https://security.gentoo.org/glsa/201706-02
reference_id GLSA-201706-02
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:36Z/
url https://security.gentoo.org/glsa/201706-02
11
reference_url https://access.redhat.com/errata/RHSA-2017:0654
reference_id RHSA-2017:0654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0654
12
reference_url http://rhn.redhat.com/errata/RHSA-2017-0654.html
reference_id RHSA-2017-0654.html
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:36Z/
url http://rhn.redhat.com/errata/RHSA-2017-0654.html
13
reference_url https://access.redhat.com/errata/RHSA-2017:0907
reference_id RHSA-2017:0907
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:36Z/
url https://access.redhat.com/errata/RHSA-2017:0907
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2616
reference_id show_bug.cgi?id=CVE-2017-2616
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:36Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2616
15
reference_url https://usn.ubuntu.com/3276-1/
reference_id USN-3276-1
reference_type
scores
url https://usn.ubuntu.com/3276-1/
16
reference_url https://usn.ubuntu.com/3276-3/
reference_id USN-3276-3
reference_type
scores
url https://usn.ubuntu.com/3276-3/
fixed_packages
0
url pkg:deb/debian/shadow@1:4.2-3%2Bdeb8u4
purl pkg:deb/debian/shadow@1:4.2-3%2Bdeb8u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-74yx-3zfw-w7f2
1
vulnerability VCID-a5ny-vcsw-uqh1
2
vulnerability VCID-bcx3-q456-w7ad
3
vulnerability VCID-cabd-74q6-kug2
4
vulnerability VCID-m3za-mkkw-p7e2
5
vulnerability VCID-m4sf-znhe-gubc
6
vulnerability VCID-r9a4-2dw5-4bgq
7
vulnerability VCID-ueu4-n6bt-xfat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.2-3%252Bdeb8u4
1
url pkg:deb/debian/shadow@1:4.4-4.1
purl pkg:deb/debian/shadow@1:4.4-4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-74yx-3zfw-w7f2
1
vulnerability VCID-bcx3-q456-w7ad
2
vulnerability VCID-cabd-74q6-kug2
3
vulnerability VCID-m3za-mkkw-p7e2
4
vulnerability VCID-m4sf-znhe-gubc
5
vulnerability VCID-r9a4-2dw5-4bgq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.4-4.1
aliases (+, CVE-2017-2616, fix), regression
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a5ny-vcsw-uqh1
5
url VCID-bcx3-q456-w7ad
vulnerability_id VCID-bcx3-q456-w7ad
summary shadow-utils: possible password leak during passwd(1) change
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4641.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4641.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-4641
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03295
published_at 2026-04-02T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03297
published_at 2026-04-11T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03269
published_at 2026-04-12T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03249
published_at 2026-04-13T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.03225
published_at 2026-04-16T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.03306
published_at 2026-04-04T12:55:00Z
6
value 0.00015
scoring_system epss
scoring_elements 0.03314
published_at 2026-04-07T12:55:00Z
7
value 0.00015
scoring_system epss
scoring_elements 0.03319
published_at 2026-04-08T12:55:00Z
8
value 0.00015
scoring_system epss
scoring_elements 0.03339
published_at 2026-04-09T12:55:00Z
9
value 0.00016
scoring_system epss
scoring_elements 0.03425
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-4641
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4641
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4641
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062
reference_id 1051062
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2215945
reference_id 2215945
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-02T18:19:24Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2215945
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb
reference_id cpe:/a:redhat:enterprise_linux:8::crb
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb
reference_id cpe:/a:redhat:enterprise_linux:9::crb
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::crb
reference_id cpe:/a:redhat:rhel_eus:8.6::crb
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::crb
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::crb
reference_id cpe:/a:redhat:rhel_eus:8.8::crb
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::crb
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos
reference_id cpe:/o:redhat:enterprise_linux:8::baseos
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos
reference_id cpe:/o:redhat:enterprise_linux:9::baseos
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.6::baseos
reference_id cpe:/o:redhat:rhel_eus:8.6::baseos
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.6::baseos
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos
reference_id cpe:/o:redhat:rhel_eus:8.8::baseos
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos
16
reference_url https://access.redhat.com/security/cve/CVE-2023-4641
reference_id CVE-2023-4641
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-02T18:19:24Z/
url https://access.redhat.com/security/cve/CVE-2023-4641
17
reference_url https://access.redhat.com/errata/RHSA-2023:6632
reference_id RHSA-2023:6632
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-02T18:19:24Z/
url https://access.redhat.com/errata/RHSA-2023:6632
18
reference_url https://access.redhat.com/errata/RHSA-2023:7112
reference_id RHSA-2023:7112
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-02T18:19:24Z/
url https://access.redhat.com/errata/RHSA-2023:7112
19
reference_url https://access.redhat.com/errata/RHSA-2024:0417
reference_id RHSA-2024:0417
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-02T18:19:24Z/
url https://access.redhat.com/errata/RHSA-2024:0417
20
reference_url https://access.redhat.com/errata/RHSA-2024:2577
reference_id RHSA-2024:2577
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-02T18:19:24Z/
url https://access.redhat.com/errata/RHSA-2024:2577
21
reference_url https://usn.ubuntu.com/6640-1/
reference_id USN-6640-1
reference_type
scores
url https://usn.ubuntu.com/6640-1/
fixed_packages
0
url pkg:deb/debian/shadow@1:4.13%2Bdfsg1-1%2Bdeb12u2
purl pkg:deb/debian/shadow@1:4.13%2Bdfsg1-1%2Bdeb12u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.13%252Bdfsg1-1%252Bdeb12u2
aliases CVE-2023-4641
risk_score 2.1
exploitability 0.5
weighted_severity 4.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bcx3-q456-w7ad
6
url VCID-cabd-74q6-kug2
vulnerability_id VCID-cabd-74q6-kug2
summary The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-20002
reference_id
reference_type
scores
0
value 0.00052
scoring_system epss
scoring_elements 0.16147
published_at 2026-04-01T12:55:00Z
1
value 0.00052
scoring_system epss
scoring_elements 0.1633
published_at 2026-04-02T12:55:00Z
2
value 0.00052
scoring_system epss
scoring_elements 0.16391
published_at 2026-04-04T12:55:00Z
3
value 0.00052
scoring_system epss
scoring_elements 0.1619
published_at 2026-04-07T12:55:00Z
4
value 0.00052
scoring_system epss
scoring_elements 0.16276
published_at 2026-04-08T12:55:00Z
5
value 0.00052
scoring_system epss
scoring_elements 0.1634
published_at 2026-04-09T12:55:00Z
6
value 0.00052
scoring_system epss
scoring_elements 0.16321
published_at 2026-04-11T12:55:00Z
7
value 0.00052
scoring_system epss
scoring_elements 0.16282
published_at 2026-04-12T12:55:00Z
8
value 0.00052
scoring_system epss
scoring_elements 0.16214
published_at 2026-04-13T12:55:00Z
9
value 0.00052
scoring_system epss
scoring_elements 0.16151
published_at 2026-04-16T12:55:00Z
10
value 0.00052
scoring_system epss
scoring_elements 0.16168
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-20002
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20002
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20002
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914957
reference_id 914957
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914957
fixed_packages
0
url pkg:deb/debian/shadow@1:4.5-1.1
purl pkg:deb/debian/shadow@1:4.5-1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-74yx-3zfw-w7f2
1
vulnerability VCID-bcx3-q456-w7ad
2
vulnerability VCID-m3za-mkkw-p7e2
3
vulnerability VCID-r9a4-2dw5-4bgq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.5-1.1
aliases CVE-2017-20002
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cabd-74q6-kug2
7
url VCID-gzq6-6n1d-jyd7
vulnerability_id VCID-gzq6-6n1d-jyd7
summary The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2006-1844
reference_id
reference_type
scores
0
value 0.00069
scoring_system epss
scoring_elements 0.21196
published_at 2026-04-01T12:55:00Z
1
value 0.00069
scoring_system epss
scoring_elements 0.21347
published_at 2026-04-02T12:55:00Z
2
value 0.00069
scoring_system epss
scoring_elements 0.21402
published_at 2026-04-04T12:55:00Z
3
value 0.00069
scoring_system epss
scoring_elements 0.21155
published_at 2026-04-07T12:55:00Z
4
value 0.00069
scoring_system epss
scoring_elements 0.21234
published_at 2026-04-08T12:55:00Z
5
value 0.00069
scoring_system epss
scoring_elements 0.21296
published_at 2026-04-09T12:55:00Z
6
value 0.00069
scoring_system epss
scoring_elements 0.21306
published_at 2026-04-11T12:55:00Z
7
value 0.00069
scoring_system epss
scoring_elements 0.21265
published_at 2026-04-12T12:55:00Z
8
value 0.00069
scoring_system epss
scoring_elements 0.21212
published_at 2026-04-13T12:55:00Z
9
value 0.00069
scoring_system epss
scoring_elements 0.21205
published_at 2026-04-16T12:55:00Z
10
value 0.00069
scoring_system epss
scoring_elements 0.21215
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2006-1844
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1844
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1844
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939
reference_id 356939
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939
fixed_packages
0
url pkg:deb/debian/shadow@1:4.0.18.1-7
purl pkg:deb/debian/shadow@1:4.0.18.1-7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2b4p-nehx-eyae
1
vulnerability VCID-3wz1-hz4q-rqh5
2
vulnerability VCID-74yx-3zfw-w7f2
3
vulnerability VCID-a5ny-vcsw-uqh1
4
vulnerability VCID-bcx3-q456-w7ad
5
vulnerability VCID-cabd-74q6-kug2
6
vulnerability VCID-m3za-mkkw-p7e2
7
vulnerability VCID-m4sf-znhe-gubc
8
vulnerability VCID-mp2r-dfng-27ew
9
vulnerability VCID-r9a4-2dw5-4bgq
10
vulnerability VCID-ueu4-n6bt-xfat
11
vulnerability VCID-zbq9-jt94-ckhd
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.0.18.1-7
aliases CVE-2006-1844
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gzq6-6n1d-jyd7
8
url VCID-jbed-4gsv-xkhu
vulnerability_id VCID-jbed-4gsv-xkhu
summary 
A security issue in shadow allows a local user to perform certain actions
    with escalated privileges.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-1174.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-1174.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2006-1174
reference_id
reference_type
scores
0
value 0.00096
scoring_system epss
scoring_elements 0.2675
published_at 2026-04-01T12:55:00Z
1
value 0.00096
scoring_system epss
scoring_elements 0.26795
published_at 2026-04-02T12:55:00Z
2
value 0.00096
scoring_system epss
scoring_elements 0.26836
published_at 2026-04-04T12:55:00Z
3
value 0.00096
scoring_system epss
scoring_elements 0.2662
published_at 2026-04-07T12:55:00Z
4
value 0.00096
scoring_system epss
scoring_elements 0.26687
published_at 2026-04-08T12:55:00Z
5
value 0.00096
scoring_system epss
scoring_elements 0.26738
published_at 2026-04-09T12:55:00Z
6
value 0.00096
scoring_system epss
scoring_elements 0.26742
published_at 2026-04-11T12:55:00Z
7
value 0.00096
scoring_system epss
scoring_elements 0.26697
published_at 2026-04-12T12:55:00Z
8
value 0.00096
scoring_system epss
scoring_elements 0.2664
published_at 2026-04-13T12:55:00Z
9
value 0.00096
scoring_system epss
scoring_elements 0.26648
published_at 2026-04-16T12:55:00Z
10
value 0.00096
scoring_system epss
scoring_elements 0.26619
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2006-1174
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1174
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1174
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1618029
reference_id 1618029
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1618029
4
reference_url https://security.gentoo.org/glsa/200606-02
reference_id GLSA-200606-02
reference_type
scores
url https://security.gentoo.org/glsa/200606-02
5
reference_url https://access.redhat.com/errata/RHSA-2007:0276
reference_id RHSA-2007:0276
reference_type
scores
url https://access.redhat.com/errata/RHSA-2007:0276
6
reference_url https://access.redhat.com/errata/RHSA-2007:0431
reference_id RHSA-2007:0431
reference_type
scores
url https://access.redhat.com/errata/RHSA-2007:0431
fixed_packages
0
url pkg:deb/debian/shadow@1:4.0.18.1-7
purl pkg:deb/debian/shadow@1:4.0.18.1-7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2b4p-nehx-eyae
1
vulnerability VCID-3wz1-hz4q-rqh5
2
vulnerability VCID-74yx-3zfw-w7f2
3
vulnerability VCID-a5ny-vcsw-uqh1
4
vulnerability VCID-bcx3-q456-w7ad
5
vulnerability VCID-cabd-74q6-kug2
6
vulnerability VCID-m3za-mkkw-p7e2
7
vulnerability VCID-m4sf-znhe-gubc
8
vulnerability VCID-mp2r-dfng-27ew
9
vulnerability VCID-r9a4-2dw5-4bgq
10
vulnerability VCID-ueu4-n6bt-xfat
11
vulnerability VCID-zbq9-jt94-ckhd
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.0.18.1-7
aliases CVE-2006-1174
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jbed-4gsv-xkhu
9
url VCID-m3za-mkkw-p7e2
vulnerability_id VCID-m3za-mkkw-p7e2
summary shadow: Improper input validation in shadow-utils package utility chfn
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29383.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29383.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29383
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.06977
published_at 2026-04-02T12:55:00Z
1
value 0.00025
scoring_system epss
scoring_elements 0.07011
published_at 2026-04-07T12:55:00Z
2
value 0.00025
scoring_system epss
scoring_elements 0.07031
published_at 2026-04-04T12:55:00Z
3
value 0.00025
scoring_system epss
scoring_elements 0.07066
published_at 2026-04-08T12:55:00Z
4
value 0.00025
scoring_system epss
scoring_elements 0.07096
published_at 2026-04-09T12:55:00Z
5
value 0.00025
scoring_system epss
scoring_elements 0.07104
published_at 2026-04-11T12:55:00Z
6
value 0.00025
scoring_system epss
scoring_elements 0.07092
published_at 2026-04-12T12:55:00Z
7
value 0.00025
scoring_system epss
scoring_elements 0.07082
published_at 2026-04-13T12:55:00Z
8
value 0.00028
scoring_system epss
scoring_elements 0.07911
published_at 2026-04-16T12:55:00Z
9
value 0.00031
scoring_system epss
scoring_elements 0.08592
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29383
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29383
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29383
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482
reference_id 1034482
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2187184
reference_id 2187184
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2187184
6
reference_url https://github.com/shadow-maint/shadow/pull/687
reference_id 687
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:21:27Z/
url https://github.com/shadow-maint/shadow/pull/687
7
reference_url https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/
reference_id cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:21:27Z/
url https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/
8
reference_url https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d
reference_id e5905c4b84d4fb90aefcd96ee618411ebfac663d
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:21:27Z/
url https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d
9
reference_url https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797
reference_id ?fid=31797
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:21:27Z/
url https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797
fixed_packages
0
url pkg:deb/debian/shadow@1:4.13%2Bdfsg1-1%2Bdeb12u2
purl pkg:deb/debian/shadow@1:4.13%2Bdfsg1-1%2Bdeb12u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.13%252Bdfsg1-1%252Bdeb12u2
aliases CVE-2023-29383
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m3za-mkkw-p7e2
10
url VCID-m4sf-znhe-gubc
vulnerability_id VCID-m4sf-znhe-gubc
summary 
A vulnerability found in Shadow may allow remote attackers to cause
    a Denial of Service condition or produce other unspecified behaviors.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12424.json
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12424.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12424
reference_id
reference_type
scores
0
value 0.00583
scoring_system epss
scoring_elements 0.69028
published_at 2026-04-18T12:55:00Z
1
value 0.00583
scoring_system epss
scoring_elements 0.69007
published_at 2026-04-12T12:55:00Z
2
value 0.00583
scoring_system epss
scoring_elements 0.68978
published_at 2026-04-13T12:55:00Z
3
value 0.00583
scoring_system epss
scoring_elements 0.69019
published_at 2026-04-16T12:55:00Z
4
value 0.00633
scoring_system epss
scoring_elements 0.70306
published_at 2026-04-02T12:55:00Z
5
value 0.00633
scoring_system epss
scoring_elements 0.703
published_at 2026-04-07T12:55:00Z
6
value 0.00633
scoring_system epss
scoring_elements 0.70345
published_at 2026-04-08T12:55:00Z
7
value 0.00633
scoring_system epss
scoring_elements 0.7036
published_at 2026-04-09T12:55:00Z
8
value 0.00633
scoring_system epss
scoring_elements 0.70384
published_at 2026-04-11T12:55:00Z
9
value 0.00633
scoring_system epss
scoring_elements 0.70293
published_at 2026-04-01T12:55:00Z
10
value 0.00633
scoring_system epss
scoring_elements 0.70323
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12424
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12424
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12424
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:N/C:P/I:P/A:P
1
value 7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1478359
reference_id 1478359
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1478359
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630
reference_id 756630
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630
6
reference_url https://security.gentoo.org/glsa/201710-16
reference_id GLSA-201710-16
reference_type
scores
url https://security.gentoo.org/glsa/201710-16
7
reference_url https://usn.ubuntu.com/5254-1/
reference_id USN-5254-1
reference_type
scores
url https://usn.ubuntu.com/5254-1/
fixed_packages
0
url pkg:deb/debian/shadow@1:4.5-1.1
purl pkg:deb/debian/shadow@1:4.5-1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-74yx-3zfw-w7f2
1
vulnerability VCID-bcx3-q456-w7ad
2
vulnerability VCID-m3za-mkkw-p7e2
3
vulnerability VCID-r9a4-2dw5-4bgq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.5-1.1
aliases CVE-2017-12424
risk_score 2.0
exploitability 0.5
weighted_severity 4.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m4sf-znhe-gubc
11
url VCID-m7wk-m2nu-abgf
vulnerability_id VCID-m7wk-m2nu-abgf
summary The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of service (disk consumption).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2006-1376
reference_id
reference_type
scores
0
value 0.00047
scoring_system epss
scoring_elements 0.14684
published_at 2026-04-12T12:55:00Z
1
value 0.00047
scoring_system epss
scoring_elements 0.14734
published_at 2026-04-02T12:55:00Z
2
value 0.00047
scoring_system epss
scoring_elements 0.14809
published_at 2026-04-04T12:55:00Z
3
value 0.00047
scoring_system epss
scoring_elements 0.14613
published_at 2026-04-07T12:55:00Z
4
value 0.00047
scoring_system epss
scoring_elements 0.14702
published_at 2026-04-08T12:55:00Z
5
value 0.00047
scoring_system epss
scoring_elements 0.14762
published_at 2026-04-09T12:55:00Z
6
value 0.00047
scoring_system epss
scoring_elements 0.14722
published_at 2026-04-11T12:55:00Z
7
value 0.00047
scoring_system epss
scoring_elements 0.1463
published_at 2026-04-13T12:55:00Z
8
value 0.00047
scoring_system epss
scoring_elements 0.14521
published_at 2026-04-16T12:55:00Z
9
value 0.00047
scoring_system epss
scoring_elements 0.14527
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2006-1376
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1376
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1376
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939
reference_id 356939
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939
fixed_packages
0
url pkg:deb/debian/shadow@1:4.0.18.1-7
purl pkg:deb/debian/shadow@1:4.0.18.1-7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2b4p-nehx-eyae
1
vulnerability VCID-3wz1-hz4q-rqh5
2
vulnerability VCID-74yx-3zfw-w7f2
3
vulnerability VCID-a5ny-vcsw-uqh1
4
vulnerability VCID-bcx3-q456-w7ad
5
vulnerability VCID-cabd-74q6-kug2
6
vulnerability VCID-m3za-mkkw-p7e2
7
vulnerability VCID-m4sf-znhe-gubc
8
vulnerability VCID-mp2r-dfng-27ew
9
vulnerability VCID-r9a4-2dw5-4bgq
10
vulnerability VCID-ueu4-n6bt-xfat
11
vulnerability VCID-zbq9-jt94-ckhd
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.0.18.1-7
aliases CVE-2006-1376
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m7wk-m2nu-abgf
12
url VCID-mp2r-dfng-27ew
vulnerability_id VCID-mp2r-dfng-27ew
summary regression update
references
fixed_packages
0
url pkg:deb/debian/shadow@1:4.2-3%2Bdeb8u4
purl pkg:deb/debian/shadow@1:4.2-3%2Bdeb8u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-74yx-3zfw-w7f2
1
vulnerability VCID-a5ny-vcsw-uqh1
2
vulnerability VCID-bcx3-q456-w7ad
3
vulnerability VCID-cabd-74q6-kug2
4
vulnerability VCID-m3za-mkkw-p7e2
5
vulnerability VCID-m4sf-znhe-gubc
6
vulnerability VCID-r9a4-2dw5-4bgq
7
vulnerability VCID-ueu4-n6bt-xfat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.2-3%252Bdeb8u4
aliases DSA-3793-2 shadow
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mp2r-dfng-27ew
13
url VCID-r9a4-2dw5-4bgq
vulnerability_id VCID-r9a4-2dw5-4bgq
summary 
Multiple Shadow utilities were installed with setuid permissions,
    allowing possible root privilege escalation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19882.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19882.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19882
reference_id
reference_type
scores
0
value 0.00094
scoring_system epss
scoring_elements 0.26202
published_at 2026-04-01T12:55:00Z
1
value 0.00094
scoring_system epss
scoring_elements 0.26282
published_at 2026-04-02T12:55:00Z
2
value 0.00094
scoring_system epss
scoring_elements 0.26324
published_at 2026-04-04T12:55:00Z
3
value 0.00094
scoring_system epss
scoring_elements 0.26096
published_at 2026-04-07T12:55:00Z
4
value 0.00094
scoring_system epss
scoring_elements 0.26163
published_at 2026-04-08T12:55:00Z
5
value 0.00094
scoring_system epss
scoring_elements 0.26211
published_at 2026-04-09T12:55:00Z
6
value 0.00094
scoring_system epss
scoring_elements 0.2622
published_at 2026-04-11T12:55:00Z
7
value 0.00094
scoring_system epss
scoring_elements 0.26174
published_at 2026-04-12T12:55:00Z
8
value 0.00094
scoring_system epss
scoring_elements 0.26115
published_at 2026-04-13T12:55:00Z
9
value 0.00094
scoring_system epss
scoring_elements 0.26119
published_at 2026-04-16T12:55:00Z
10
value 0.00094
scoring_system epss
scoring_elements 0.26097
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19882
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19882
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19882
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1788452
reference_id 1788452
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1788452
4
reference_url https://security.archlinux.org/ASA-201912-4
reference_id ASA-201912-4
reference_type
scores
url https://security.archlinux.org/ASA-201912-4
5
reference_url https://security.archlinux.org/AVG-1079
reference_id AVG-1079
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1079
6
reference_url https://security.gentoo.org/glsa/202008-09
reference_id GLSA-202008-09
reference_type
scores
url https://security.gentoo.org/glsa/202008-09
fixed_packages
0
url pkg:deb/debian/shadow@1:4.8.1-1
purl pkg:deb/debian/shadow@1:4.8.1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bcx3-q456-w7ad
1
vulnerability VCID-m3za-mkkw-p7e2
2
vulnerability VCID-shuq-ufcc-ruf5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.8.1-1
aliases CVE-2019-19882
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r9a4-2dw5-4bgq
14
url VCID-ueu4-n6bt-xfat
vulnerability_id VCID-ueu4-n6bt-xfat
summary 
Multiple vulnerabilities have been found in Shadow, the worst of
    which might allow privilege escalation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6252.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6252.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-6252
reference_id
reference_type
scores
0
value 0.00103
scoring_system epss
scoring_elements 0.28229
published_at 2026-04-01T12:55:00Z
1
value 0.00103
scoring_system epss
scoring_elements 0.28142
published_at 2026-04-18T12:55:00Z
2
value 0.00103
scoring_system epss
scoring_elements 0.28148
published_at 2026-04-13T12:55:00Z
3
value 0.00103
scoring_system epss
scoring_elements 0.28161
published_at 2026-04-16T12:55:00Z
4
value 0.00103
scoring_system epss
scoring_elements 0.28299
published_at 2026-04-02T12:55:00Z
5
value 0.00103
scoring_system epss
scoring_elements 0.28343
published_at 2026-04-04T12:55:00Z
6
value 0.00103
scoring_system epss
scoring_elements 0.28134
published_at 2026-04-07T12:55:00Z
7
value 0.00103
scoring_system epss
scoring_elements 0.282
published_at 2026-04-08T12:55:00Z
8
value 0.00103
scoring_system epss
scoring_elements 0.28243
published_at 2026-04-09T12:55:00Z
9
value 0.00103
scoring_system epss
scoring_elements 0.28249
published_at 2026-04-11T12:55:00Z
10
value 0.00103
scoring_system epss
scoring_elements 0.28206
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-6252
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6252
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6252
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv2
scoring_elements AV:L/AC:M/Au:S/C:P/I:P/A:P
1
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1358625
reference_id 1358625
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1358625
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832170
reference_id 832170
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832170
7
reference_url https://security.gentoo.org/glsa/201706-02
reference_id GLSA-201706-02
reference_type
scores
url https://security.gentoo.org/glsa/201706-02
8
reference_url https://usn.ubuntu.com/3276-1/
reference_id USN-3276-1
reference_type
scores
url https://usn.ubuntu.com/3276-1/
fixed_packages
0
url pkg:deb/debian/shadow@1:4.2-3%2Bdeb8u4
purl pkg:deb/debian/shadow@1:4.2-3%2Bdeb8u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-74yx-3zfw-w7f2
1
vulnerability VCID-a5ny-vcsw-uqh1
2
vulnerability VCID-bcx3-q456-w7ad
3
vulnerability VCID-cabd-74q6-kug2
4
vulnerability VCID-m3za-mkkw-p7e2
5
vulnerability VCID-m4sf-znhe-gubc
6
vulnerability VCID-r9a4-2dw5-4bgq
7
vulnerability VCID-ueu4-n6bt-xfat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.2-3%252Bdeb8u4
1
url pkg:deb/debian/shadow@1:4.4-4.1
purl pkg:deb/debian/shadow@1:4.4-4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-74yx-3zfw-w7f2
1
vulnerability VCID-bcx3-q456-w7ad
2
vulnerability VCID-cabd-74q6-kug2
3
vulnerability VCID-m3za-mkkw-p7e2
4
vulnerability VCID-m4sf-znhe-gubc
5
vulnerability VCID-r9a4-2dw5-4bgq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.4-4.1
aliases CVE-2016-6252
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ueu4-n6bt-xfat
15
url VCID-z4em-vwpw-efd7
vulnerability_id VCID-z4em-vwpw-efd7
summary Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled.
references
0
reference_url http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000894
reference_id
reference_type
scores
url http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000894
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2004-1001
reference_id
reference_type
scores
0
value 0.00081
scoring_system epss
scoring_elements 0.23909
published_at 2026-04-16T12:55:00Z
1
value 0.00081
scoring_system epss
scoring_elements 0.23923
published_at 2026-04-01T12:55:00Z
2
value 0.00081
scoring_system epss
scoring_elements 0.24048
published_at 2026-04-02T12:55:00Z
3
value 0.00081
scoring_system epss
scoring_elements 0.24087
published_at 2026-04-04T12:55:00Z
4
value 0.00081
scoring_system epss
scoring_elements 0.23869
published_at 2026-04-07T12:55:00Z
5
value 0.00081
scoring_system epss
scoring_elements 0.23936
published_at 2026-04-08T12:55:00Z
6
value 0.00081
scoring_system epss
scoring_elements 0.23983
published_at 2026-04-09T12:55:00Z
7
value 0.00081
scoring_system epss
scoring_elements 0.23999
published_at 2026-04-11T12:55:00Z
8
value 0.00081
scoring_system epss
scoring_elements 0.23956
published_at 2026-04-12T12:55:00Z
9
value 0.00081
scoring_system epss
scoring_elements 0.23899
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2004-1001
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1001
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1001
3
reference_url http://secunia.com/advisories/13028
reference_id
reference_type
scores
url http://secunia.com/advisories/13028
4
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/17902
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/17902
5
reference_url http://www.debian.org/security/2004/dsa-585
reference_id
reference_type
scores
url http://www.debian.org/security/2004/dsa-585
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=309587
reference_id 309587
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=309587
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:debian:shadow:4.0.4.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:debian:shadow:4.0.4.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:debian:shadow:4.0.4.1:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2004-1001
reference_id CVE-2004-1001
reference_type
scores
0
value 4.6
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:P/I:P/A:P
url https://nvd.nist.gov/vuln/detail/CVE-2004-1001
9
reference_url https://usn.ubuntu.com/17-1/
reference_id USN-17-1
reference_type
scores
url https://usn.ubuntu.com/17-1/
fixed_packages
0
url pkg:deb/debian/shadow@1:4.0.18.1-7
purl pkg:deb/debian/shadow@1:4.0.18.1-7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2b4p-nehx-eyae
1
vulnerability VCID-3wz1-hz4q-rqh5
2
vulnerability VCID-74yx-3zfw-w7f2
3
vulnerability VCID-a5ny-vcsw-uqh1
4
vulnerability VCID-bcx3-q456-w7ad
5
vulnerability VCID-cabd-74q6-kug2
6
vulnerability VCID-m3za-mkkw-p7e2
7
vulnerability VCID-m4sf-znhe-gubc
8
vulnerability VCID-mp2r-dfng-27ew
9
vulnerability VCID-r9a4-2dw5-4bgq
10
vulnerability VCID-ueu4-n6bt-xfat
11
vulnerability VCID-zbq9-jt94-ckhd
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.0.18.1-7
aliases CVE-2004-1001
risk_score 2.0
exploitability 0.5
weighted_severity 4.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z4em-vwpw-efd7
16
url VCID-zbq9-jt94-ckhd
vulnerability_id VCID-zbq9-jt94-ckhd
summary 
This GLSA contains notification of vulnerabilities found in several
    Gentoo packages which have been fixed prior to January 1, 2012. The worst
    of these vulnerabilities could lead to local privilege escalation and
    remote code execution. Please see the package list and CVE identifiers
    below for more information.
references
0
reference_url http://osvdb.org/70895
reference_id
reference_type
scores
url http://osvdb.org/70895
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0721.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0721.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-0721
reference_id
reference_type
scores
0
value 0.0142
scoring_system epss
scoring_elements 0.80619
published_at 2026-04-18T12:55:00Z
1
value 0.0142
scoring_system epss
scoring_elements 0.80532
published_at 2026-04-01T12:55:00Z
2
value 0.0142
scoring_system epss
scoring_elements 0.80539
published_at 2026-04-02T12:55:00Z
3
value 0.0142
scoring_system epss
scoring_elements 0.80561
published_at 2026-04-04T12:55:00Z
4
value 0.0142
scoring_system epss
scoring_elements 0.80553
published_at 2026-04-07T12:55:00Z
5
value 0.0142
scoring_system epss
scoring_elements 0.80582
published_at 2026-04-08T12:55:00Z
6
value 0.0142
scoring_system epss
scoring_elements 0.80592
published_at 2026-04-09T12:55:00Z
7
value 0.0142
scoring_system epss
scoring_elements 0.80609
published_at 2026-04-11T12:55:00Z
8
value 0.0142
scoring_system epss
scoring_elements 0.80596
published_at 2026-04-12T12:55:00Z
9
value 0.0142
scoring_system epss
scoring_elements 0.80588
published_at 2026-04-13T12:55:00Z
10
value 0.0142
scoring_system epss
scoring_elements 0.80617
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-0721
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0721
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0721
4
reference_url http://secunia.com/advisories/42505
reference_id
reference_type
scores
url http://secunia.com/advisories/42505
5
reference_url http://secunia.com/advisories/43345
reference_id
reference_type
scores
url http://secunia.com/advisories/43345
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/65564
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/65564
7
reference_url http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.380014
reference_id
reference_type
scores
url http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.380014
8
reference_url http://www.debian.org/security/2011/dsa-2164
reference_id
reference_type
scores
url http://www.debian.org/security/2011/dsa-2164
9
reference_url http://www.securityfocus.com/bid/46426
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/46426
10
reference_url http://www.ubuntu.com/usn/USN-1065-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-1065-1
11
reference_url http://www.vupen.com/english/advisories/2011/0396
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0396
12
reference_url http://www.vupen.com/english/advisories/2011/0398
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0398
13
reference_url http://www.vupen.com/english/advisories/2011/0773
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0773
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=678897
reference_id 678897
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=678897
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:debian:shadow:1\:4.1.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:debian:shadow:1\:4.1.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:debian:shadow:1\:4.1.4:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-0721
reference_id CVE-2011-0721
reference_type
scores
0
value 6.4
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:P
url https://nvd.nist.gov/vuln/detail/CVE-2011-0721
17
reference_url https://security.gentoo.org/glsa/201412-09
reference_id GLSA-201412-09
reference_type
scores
url https://security.gentoo.org/glsa/201412-09
18
reference_url https://usn.ubuntu.com/1065-1/
reference_id USN-1065-1
reference_type
scores
url https://usn.ubuntu.com/1065-1/
fixed_packages
0
url pkg:deb/debian/shadow@1:4.1.5.1-1
purl pkg:deb/debian/shadow@1:4.1.5.1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-74yx-3zfw-w7f2
1
vulnerability VCID-a5ny-vcsw-uqh1
2
vulnerability VCID-bcx3-q456-w7ad
3
vulnerability VCID-cabd-74q6-kug2
4
vulnerability VCID-m3za-mkkw-p7e2
5
vulnerability VCID-m4sf-znhe-gubc
6
vulnerability VCID-mp2r-dfng-27ew
7
vulnerability VCID-r9a4-2dw5-4bgq
8
vulnerability VCID-ueu4-n6bt-xfat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.1.5.1-1
aliases CVE-2011-0721
risk_score 2.9
exploitability 0.5
weighted_severity 5.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zbq9-jt94-ckhd
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@980403-0.3