VulnerableCode Package Details - pkg:deb/debian/shadow@0?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2rhw-3aa1-k3fe	Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as recommended in some AIX documentation, may allow local users to gain privileges via a long command line argument.	CVE-2002-1594
VCID-nx6h-9y1e-2ybh	The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges.	CVE-2006-1183
VCID-w9fj-dfb7-z3gd	shadow-utils: useradd-mkdirs.patch creates intermediate directories with 0777	CVE-2018-16588
VCID-y9eh-xkcp-wqcs	passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, which causes the password to be zeroed out in the installer's memory.	CVE-2006-3597

Vulnerability

Summary

Aliases

VCID-2rhw-3aa1-k3fe

Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as recommended in some AIX documentation, may allow local users to gain privileges via a long command line argument.

CVE-2002-1594

VCID-nx6h-9y1e-2ybh

The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges.

CVE-2006-1183

VCID-w9fj-dfb7-z3gd

shadow-utils: useradd-mkdirs.patch creates intermediate directories with 0777

CVE-2018-16588

VCID-y9eh-xkcp-wqcs

passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, which causes the password to be zeroed out in the installer's memory.

CVE-2006-3597

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:45:42.711089+00:00	Debian Importer	Fixing	VCID-y9eh-xkcp-wqcs	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:11:50.387514+00:00	Debian Importer	Fixing	VCID-w9fj-dfb7-z3gd	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:36:00.306292+00:00	Debian Importer	Fixing	VCID-2rhw-3aa1-k3fe	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:01:42.776941+00:00	Debian Importer	Fixing	VCID-nx6h-9y1e-2ybh	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:45:08.316866+00:00	Debian Importer	Fixing	VCID-y9eh-xkcp-wqcs	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:36:43.619581+00:00	Debian Importer	Fixing	VCID-w9fj-dfb7-z3gd	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:09:46.188535+00:00	Debian Importer	Fixing	VCID-2rhw-3aa1-k3fe	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:43:32.455178+00:00	Debian Importer	Fixing	VCID-nx6h-9y1e-2ybh	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:52:54.702958+00:00	Debian Importer	Fixing	VCID-w9fj-dfb7-z3gd	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:52:54.236307+00:00	Debian Importer	Fixing	VCID-y9eh-xkcp-wqcs	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:52:54.014583+00:00	Debian Importer	Fixing	VCID-nx6h-9y1e-2ybh	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:52:53.799899+00:00	Debian Importer	Fixing	VCID-2rhw-3aa1-k3fe	https://security-tracker.debian.org/tracker/data/json	38.1.0