Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/6409?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/6409?format=api", "purl": "pkg:deb/debian/shadow@980403-0.3", "type": "deb", "namespace": "debian", "name": "shadow", "version": "980403-0.3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100868?format=api", "vulnerability_id": "VCID-1825-pyg3-judq", "summary": "There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via \"su - user -c program\". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-4890.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-4890.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-4890", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33044", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33147", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-4890" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4890", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4890" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:N/C:C/I:C/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628843", "reference_id": "628843", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628843" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657784", "reference_id": "657784", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657784" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=710208", "reference_id": "710208", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=710208" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6418?format=api", "purl": "pkg:deb/debian/shadow@1:4.1.5.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-caep-b8wv-hqhw" }, { "vulnerability": "VCID-cmu2-ae4p-gfgp" }, { "vulnerability": "VCID-gva8-bmk5-byc1" }, { "vulnerability": "VCID-m5g8-vygv-k7h8" }, { "vulnerability": "VCID-ngtz-p6dp-1bdg" }, { "vulnerability": "VCID-rzku-j388-8uac" }, { "vulnerability": "VCID-x2fe-1t11-ubbn" }, { "vulnerability": "VCID-yb5x-m5sw-6fga" }, { "vulnerability": "VCID-zcvg-7dvz-tue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.1.5.1-1" } ], "aliases": [ "CVE-2005-4890" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1825-pyg3-judq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100867?format=api", "vulnerability_id": "VCID-asyx-dsrh-jucv", "summary": "Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2004-1001", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23924", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.2402", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2004-1001" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1001" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=309587", "reference_id": "309587", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=309587" }, { "reference_url": "https://usn.ubuntu.com/17-1/", "reference_id": "USN-17-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/17-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6414?format=api", "purl": "pkg:deb/debian/shadow@1:4.0.18.1-7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1825-pyg3-judq" }, { "vulnerability": "VCID-caep-b8wv-hqhw" }, { "vulnerability": "VCID-cmu2-ae4p-gfgp" }, { "vulnerability": "VCID-fwpa-4fjf-cyck" }, { "vulnerability": "VCID-gva8-bmk5-byc1" }, { "vulnerability": "VCID-m5g8-vygv-k7h8" }, { "vulnerability": "VCID-ngtz-p6dp-1bdg" }, { "vulnerability": "VCID-rzku-j388-8uac" }, { "vulnerability": "VCID-x2fe-1t11-ubbn" }, { "vulnerability": "VCID-xfkd-z39m-uqaa" }, { "vulnerability": "VCID-yb5x-m5sw-6fga" }, { "vulnerability": "VCID-zcvg-7dvz-tue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.0.18.1-7" } ], "aliases": [ "CVE-2004-1001" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-asyx-dsrh-jucv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95888?format=api", "vulnerability_id": "VCID-caep-b8wv-hqhw", "summary": "shadow-utils: possible password leak during passwd(1) change", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4641.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4641.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4641", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03478", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4641" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062", "reference_id": "1051062", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215945", "reference_id": "2215945", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-02T18:19:24Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215945" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:9::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::crb", "reference_id": "cpe:/a:redhat:rhel_eus:8.6::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::crb", "reference_id": "cpe:/a:redhat:rhel_eus:8.8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-4641", "reference_id": "CVE-2023-4641", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-02T18:19:24Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-4641" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6632", "reference_id": "RHSA-2023:6632", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-02T18:19:24Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:6632" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7112", "reference_id": "RHSA-2023:7112", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-02T18:19:24Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7112" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0417", "reference_id": "RHSA-2024:0417", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-02T18:19:24Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0417" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2577", "reference_id": "RHSA-2024:2577", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-02T18:19:24Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2577" }, { "reference_url": "https://usn.ubuntu.com/6640-1/", "reference_id": "USN-6640-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6640-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/511574?format=api", "purl": "pkg:deb/debian/shadow@1:4.13%2Bdfsg1-1%2Bdeb12u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.13%252Bdfsg1-1%252Bdeb12u2" } ], "aliases": [ "CVE-2023-4641" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-caep-b8wv-hqhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100880?format=api", "vulnerability_id": "VCID-cmu2-ae4p-gfgp", "summary": "Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6252.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6252.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6252", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27724", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27791", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6252" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6252", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6252" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:S/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358625", "reference_id": "1358625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358625" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832170", "reference_id": "832170", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832170" }, { "reference_url": "https://security.gentoo.org/glsa/201706-02", "reference_id": "GLSA-201706-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201706-02" }, { "reference_url": "https://usn.ubuntu.com/3276-1/", "reference_id": "USN-3276-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3276-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6420?format=api", "purl": "pkg:deb/debian/shadow@1:4.2-3%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-caep-b8wv-hqhw" }, { "vulnerability": "VCID-cmu2-ae4p-gfgp" }, { "vulnerability": "VCID-m5g8-vygv-k7h8" }, { "vulnerability": "VCID-ngtz-p6dp-1bdg" }, { "vulnerability": "VCID-rzku-j388-8uac" }, { "vulnerability": "VCID-x2fe-1t11-ubbn" }, { "vulnerability": "VCID-yb5x-m5sw-6fga" }, { "vulnerability": "VCID-zcvg-7dvz-tue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.2-3%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/6421?format=api", "purl": "pkg:deb/debian/shadow@1:4.4-4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-caep-b8wv-hqhw" }, { "vulnerability": "VCID-m5g8-vygv-k7h8" }, { "vulnerability": "VCID-ngtz-p6dp-1bdg" }, { "vulnerability": "VCID-rzku-j388-8uac" }, { "vulnerability": "VCID-x2fe-1t11-ubbn" }, { "vulnerability": "VCID-zcvg-7dvz-tue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.4-4.1" } ], "aliases": [ "CVE-2016-6252" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cmu2-ae4p-gfgp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100877?format=api", "vulnerability_id": "VCID-fwpa-4fjf-cyck", "summary": "/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5394.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5394.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5394", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.2433", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24432", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5394" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5394", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5394" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505271", "reference_id": "505271", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505271" }, { "reference_url": "https://security.gentoo.org/glsa/200903-24", "reference_id": "GLSA-200903-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200903-24" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/7313.sh", "reference_id": "OSVDB-50651;CVE-2008-5394", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/7313.sh" }, { "reference_url": "https://usn.ubuntu.com/695-1/", "reference_id": "USN-695-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/695-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6416?format=api", "purl": "pkg:deb/debian/shadow@1:4.1.1-6%2Blenny1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1825-pyg3-judq" }, { "vulnerability": "VCID-caep-b8wv-hqhw" }, { "vulnerability": "VCID-cmu2-ae4p-gfgp" }, { "vulnerability": "VCID-gva8-bmk5-byc1" }, { "vulnerability": "VCID-m5g8-vygv-k7h8" }, { "vulnerability": "VCID-ngtz-p6dp-1bdg" }, { "vulnerability": "VCID-rzku-j388-8uac" }, { "vulnerability": "VCID-x2fe-1t11-ubbn" }, { "vulnerability": "VCID-xfkd-z39m-uqaa" }, { "vulnerability": "VCID-yb5x-m5sw-6fga" }, { "vulnerability": "VCID-zcvg-7dvz-tue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.1.1-6%252Blenny1" } ], "aliases": [ "CVE-2008-5394" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fwpa-4fjf-cyck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/369681?format=api", "vulnerability_id": "VCID-gva8-bmk5-byc1", "summary": "regression update", "references": [], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6420?format=api", "purl": "pkg:deb/debian/shadow@1:4.2-3%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-caep-b8wv-hqhw" }, { "vulnerability": "VCID-cmu2-ae4p-gfgp" }, { "vulnerability": "VCID-m5g8-vygv-k7h8" }, { "vulnerability": "VCID-ngtz-p6dp-1bdg" }, { "vulnerability": "VCID-rzku-j388-8uac" }, { "vulnerability": "VCID-x2fe-1t11-ubbn" }, { "vulnerability": "VCID-yb5x-m5sw-6fga" }, { "vulnerability": "VCID-zcvg-7dvz-tue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.2-3%252Bdeb8u4" } ], "aliases": [ "DSA-3793-2 shadow" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gva8-bmk5-byc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100881?format=api", "vulnerability_id": "VCID-m5g8-vygv-k7h8", "summary": "In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12424.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12424.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12424", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69365", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69405", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12424" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12424", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12424" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:N/C:P/I:P/A:P" }, { "value": "7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1478359", "reference_id": "1478359", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1478359" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630", "reference_id": "756630", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630" }, { "reference_url": "https://security.gentoo.org/glsa/201710-16", "reference_id": "GLSA-201710-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-16" }, { "reference_url": "https://usn.ubuntu.com/5254-1/", "reference_id": "USN-5254-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5254-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6422?format=api", "purl": "pkg:deb/debian/shadow@1:4.5-1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-caep-b8wv-hqhw" }, { "vulnerability": "VCID-ngtz-p6dp-1bdg" }, { "vulnerability": "VCID-rzku-j388-8uac" }, { "vulnerability": "VCID-x2fe-1t11-ubbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.5-1.1" } ], "aliases": [ "CVE-2017-12424" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m5g8-vygv-k7h8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100870?format=api", "vulnerability_id": "VCID-ne69-w9my-h3b5", "summary": "useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-1174.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-1174.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-1174", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26592", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26695", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-1174" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1174", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1174" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618029", "reference_id": "1618029", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618029" }, { "reference_url": "https://security.gentoo.org/glsa/200606-02", "reference_id": "GLSA-200606-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200606-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0276", "reference_id": "RHSA-2007:0276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0276" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0431", "reference_id": "RHSA-2007:0431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0431" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6414?format=api", "purl": "pkg:deb/debian/shadow@1:4.0.18.1-7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1825-pyg3-judq" }, { "vulnerability": "VCID-caep-b8wv-hqhw" }, { "vulnerability": "VCID-cmu2-ae4p-gfgp" }, { "vulnerability": "VCID-fwpa-4fjf-cyck" }, { "vulnerability": "VCID-gva8-bmk5-byc1" }, { "vulnerability": "VCID-m5g8-vygv-k7h8" }, { "vulnerability": "VCID-ngtz-p6dp-1bdg" }, { "vulnerability": "VCID-rzku-j388-8uac" }, { "vulnerability": "VCID-x2fe-1t11-ubbn" }, { "vulnerability": "VCID-xfkd-z39m-uqaa" }, { "vulnerability": "VCID-yb5x-m5sw-6fga" }, { "vulnerability": "VCID-zcvg-7dvz-tue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.0.18.1-7" } ], "aliases": [ "CVE-2006-1174" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ne69-w9my-h3b5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5995?format=api", "vulnerability_id": "VCID-ngtz-p6dp-1bdg", "summary": "privilege escalation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19882.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19882.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19882", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26113", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26216", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19882" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19882", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19882" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788452", "reference_id": "1788452", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788452" }, { "reference_url": "https://security.archlinux.org/ASA-201912-4", "reference_id": "ASA-201912-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201912-4" }, { "reference_url": "https://security.archlinux.org/AVG-1079", "reference_id": "AVG-1079", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1079" }, { "reference_url": "https://security.gentoo.org/glsa/202008-09", "reference_id": "GLSA-202008-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202008-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6423?format=api", "purl": "pkg:deb/debian/shadow@1:4.8.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fx7-8gbq-5fc4" }, { "vulnerability": "VCID-caep-b8wv-hqhw" }, { "vulnerability": "VCID-x2fe-1t11-ubbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.8.1-1" } ], "aliases": [ "CVE-2019-19882" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ngtz-p6dp-1bdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100873?format=api", "vulnerability_id": "VCID-pvaf-2w8m-dqh6", "summary": "The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-1844", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21364", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21443", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-1844" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1844" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358210", "reference_id": "358210", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358210" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6414?format=api", "purl": "pkg:deb/debian/shadow@1:4.0.18.1-7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1825-pyg3-judq" }, { "vulnerability": "VCID-caep-b8wv-hqhw" }, { "vulnerability": "VCID-cmu2-ae4p-gfgp" }, { "vulnerability": "VCID-fwpa-4fjf-cyck" }, { "vulnerability": "VCID-gva8-bmk5-byc1" }, { "vulnerability": "VCID-m5g8-vygv-k7h8" }, { "vulnerability": "VCID-ngtz-p6dp-1bdg" }, { "vulnerability": "VCID-rzku-j388-8uac" }, { "vulnerability": "VCID-x2fe-1t11-ubbn" }, { "vulnerability": "VCID-xfkd-z39m-uqaa" }, { "vulnerability": "VCID-yb5x-m5sw-6fga" }, { "vulnerability": "VCID-zcvg-7dvz-tue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.0.18.1-7" } ], "aliases": [ "CVE-2006-1844" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pvaf-2w8m-dqh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100884?format=api", "vulnerability_id": "VCID-rzku-j388-8uac", "summary": "An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7169.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7169.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37023", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37114", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546241", "reference_id": "1546241", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546241" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890557", "reference_id": "890557", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890557" }, { "reference_url": "https://security.gentoo.org/glsa/201805-09", "reference_id": "GLSA-201805-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201805-09" }, { "reference_url": "https://usn.ubuntu.com/5254-1/", "reference_id": "USN-5254-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5254-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6423?format=api", "purl": "pkg:deb/debian/shadow@1:4.8.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fx7-8gbq-5fc4" }, { "vulnerability": "VCID-caep-b8wv-hqhw" }, { "vulnerability": "VCID-x2fe-1t11-ubbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.8.1-1" } ], "aliases": [ "CVE-2018-7169" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rzku-j388-8uac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100872?format=api", "vulnerability_id": "VCID-u81v-k8sa-37dy", "summary": "The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of service (disk consumption).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-1376", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.15078", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.15163", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-1376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1376" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358210", "reference_id": "358210", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358210" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6414?format=api", "purl": "pkg:deb/debian/shadow@1:4.0.18.1-7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1825-pyg3-judq" }, { "vulnerability": "VCID-caep-b8wv-hqhw" }, { "vulnerability": "VCID-cmu2-ae4p-gfgp" }, { "vulnerability": "VCID-fwpa-4fjf-cyck" }, { "vulnerability": "VCID-gva8-bmk5-byc1" }, { "vulnerability": "VCID-m5g8-vygv-k7h8" }, { "vulnerability": "VCID-ngtz-p6dp-1bdg" }, { "vulnerability": "VCID-rzku-j388-8uac" }, { "vulnerability": "VCID-x2fe-1t11-ubbn" }, { "vulnerability": "VCID-xfkd-z39m-uqaa" }, { "vulnerability": "VCID-yb5x-m5sw-6fga" }, { "vulnerability": "VCID-zcvg-7dvz-tue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.0.18.1-7" } ], "aliases": [ "CVE-2006-1376" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u81v-k8sa-37dy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97076?format=api", "vulnerability_id": "VCID-x2fe-1t11-ubbn", "summary": "shadow: Improper input validation in shadow-utils package utility chfn", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29383.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29383.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29383", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12832", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29383" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482", "reference_id": "1034482", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187184", "reference_id": "2187184", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187184" }, { "reference_url": "https://github.com/shadow-maint/shadow/pull/687", "reference_id": "687", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:21:27Z/" } ], "url": "https://github.com/shadow-maint/shadow/pull/687" }, { "reference_url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/", "reference_id": "cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:21:27Z/" } ], "url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/" }, { "reference_url": "https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d", "reference_id": "e5905c4b84d4fb90aefcd96ee618411ebfac663d", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:21:27Z/" } ], "url": "https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d" }, { "reference_url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797", "reference_id": "?fid=31797", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:21:27Z/" } ], "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/511574?format=api", "purl": "pkg:deb/debian/shadow@1:4.13%2Bdfsg1-1%2Bdeb12u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.13%252Bdfsg1-1%252Bdeb12u2" } ], "aliases": [ "CVE-2023-29383" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x2fe-1t11-ubbn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100874?format=api", "vulnerability_id": "VCID-xfeg-m5k9-zbb7", "summary": "passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-3378.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-3378.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-3378", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17642", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1772", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-3378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3378" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=379174", "reference_id": "379174", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=379174" }, { "reference_url": "https://usn.ubuntu.com/308-1/", "reference_id": "USN-308-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/308-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6414?format=api", "purl": "pkg:deb/debian/shadow@1:4.0.18.1-7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1825-pyg3-judq" }, { "vulnerability": "VCID-caep-b8wv-hqhw" }, { "vulnerability": "VCID-cmu2-ae4p-gfgp" }, { "vulnerability": "VCID-fwpa-4fjf-cyck" }, { "vulnerability": "VCID-gva8-bmk5-byc1" }, { "vulnerability": "VCID-m5g8-vygv-k7h8" }, { "vulnerability": "VCID-ngtz-p6dp-1bdg" }, { "vulnerability": "VCID-rzku-j388-8uac" }, { "vulnerability": "VCID-x2fe-1t11-ubbn" }, { "vulnerability": "VCID-xfkd-z39m-uqaa" }, { "vulnerability": "VCID-yb5x-m5sw-6fga" }, { "vulnerability": "VCID-zcvg-7dvz-tue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.0.18.1-7" } ], "aliases": [ "CVE-2006-3378" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xfeg-m5k9-zbb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100878?format=api", "vulnerability_id": "VCID-xfkd-z39m-uqaa", "summary": "Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0721.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0721.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0721", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0142", "scoring_system": "epss", "scoring_elements": "0.80934", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0142", "scoring_system": "epss", "scoring_elements": "0.80962", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0721" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0721", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0721" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=678897", "reference_id": "678897", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678897" }, { "reference_url": "https://security.gentoo.org/glsa/201412-09", "reference_id": "GLSA-201412-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-09" }, { "reference_url": "https://usn.ubuntu.com/1065-1/", "reference_id": "USN-1065-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1065-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6418?format=api", "purl": "pkg:deb/debian/shadow@1:4.1.5.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-caep-b8wv-hqhw" }, { "vulnerability": "VCID-cmu2-ae4p-gfgp" }, { "vulnerability": "VCID-gva8-bmk5-byc1" }, { "vulnerability": "VCID-m5g8-vygv-k7h8" }, { "vulnerability": "VCID-ngtz-p6dp-1bdg" }, { "vulnerability": "VCID-rzku-j388-8uac" }, { "vulnerability": "VCID-x2fe-1t11-ubbn" }, { "vulnerability": "VCID-yb5x-m5sw-6fga" }, { "vulnerability": "VCID-zcvg-7dvz-tue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.1.5.1-1" } ], "aliases": [ "CVE-2011-0721" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xfkd-z39m-uqaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65357?format=api", "vulnerability_id": "VCID-yb5x-m5sw-6fga", "summary": "A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2616.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2616.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2616", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1945", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19524", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2616" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6252", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6252" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616" }, { "reference_url": "http://www.securitytracker.com/id/1038271", "reference_id": "1038271", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:36Z/" } ], "url": "http://www.securitytracker.com/id/1038271" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418710", "reference_id": "1418710", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418710" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855943", "reference_id": "855943", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855943" }, { "reference_url": "http://www.securityfocus.com/bid/96404", "reference_id": "96404", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:36Z/" } ], "url": "http://www.securityfocus.com/bid/96404" }, { "reference_url": "https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891", "reference_id": "dffab154d29a288aa171ff50263ecc8f2e14a891", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:36Z/" } ], "url": "https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891" }, { "reference_url": "https://www.debian.org/security/2017/dsa-3793", "reference_id": "dsa-3793", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:36Z/" } ], "url": "https://www.debian.org/security/2017/dsa-3793" }, { "reference_url": "https://security.gentoo.org/glsa/201706-02", "reference_id": "GLSA-201706-02", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:36Z/" } ], "url": "https://security.gentoo.org/glsa/201706-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0654", "reference_id": "RHSA-2017:0654", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0654" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0654.html", "reference_id": "RHSA-2017-0654.html", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:36Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0654.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0907", "reference_id": "RHSA-2017:0907", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:36Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2017:0907" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2616", "reference_id": "show_bug.cgi?id=CVE-2017-2616", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:36Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2616" }, { "reference_url": "https://usn.ubuntu.com/3276-1/", "reference_id": "USN-3276-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3276-1/" }, { "reference_url": "https://usn.ubuntu.com/3276-3/", "reference_id": "USN-3276-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3276-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6420?format=api", "purl": "pkg:deb/debian/shadow@1:4.2-3%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-caep-b8wv-hqhw" }, { "vulnerability": "VCID-cmu2-ae4p-gfgp" }, { "vulnerability": "VCID-m5g8-vygv-k7h8" }, { "vulnerability": "VCID-ngtz-p6dp-1bdg" }, { "vulnerability": "VCID-rzku-j388-8uac" }, { "vulnerability": "VCID-x2fe-1t11-ubbn" }, { "vulnerability": "VCID-yb5x-m5sw-6fga" }, { "vulnerability": "VCID-zcvg-7dvz-tue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.2-3%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/6421?format=api", "purl": "pkg:deb/debian/shadow@1:4.4-4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-caep-b8wv-hqhw" }, { "vulnerability": "VCID-m5g8-vygv-k7h8" }, { "vulnerability": "VCID-ngtz-p6dp-1bdg" }, { "vulnerability": "VCID-rzku-j388-8uac" }, { "vulnerability": "VCID-x2fe-1t11-ubbn" }, { "vulnerability": "VCID-zcvg-7dvz-tue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.4-4.1" } ], "aliases": [ "(+", "CVE-2017-2616", "fix)", "regression" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yb5x-m5sw-6fga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100882?format=api", "vulnerability_id": "VCID-zcvg-7dvz-tue9", "summary": "The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-20002", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16531", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16612", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-20002" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20002" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914957", "reference_id": "914957", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914957" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6422?format=api", "purl": "pkg:deb/debian/shadow@1:4.5-1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-caep-b8wv-hqhw" }, { "vulnerability": "VCID-ngtz-p6dp-1bdg" }, { "vulnerability": "VCID-rzku-j388-8uac" }, { "vulnerability": "VCID-x2fe-1t11-ubbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@1:4.5-1.1" } ], "aliases": [ "CVE-2017-20002" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zcvg-7dvz-tue9" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/shadow@980403-0.3" }