Search for packages
| purl | pkg:deb/debian/shadow@1:4.0.18.1-7%2Betch1 |
| Next non-vulnerable version | 1:4.13+dfsg1-1+deb12u2 |
| Latest non-vulnerable version | 1:4.13+dfsg1-1+deb12u2 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2b4p-nehx-eyae
Aliases: CVE-2005-4890 |
coreutils: tty hijacking possible in "su" via TIOCSTI ioctl |
Affected by 9 other vulnerabilities. |
|
VCID-3wz1-hz4q-rqh5
Aliases: CVE-2008-5394 |
An insecure temporary file usage in Shadow may allow local users to gain root privileges. |
Affected by 11 other vulnerabilities. |
|
VCID-74yx-3zfw-w7f2
Aliases: CVE-2018-7169 |
A vulnerability found in Shadow may allow local attackers to bypass security restrictions. |
Affected by 3 other vulnerabilities. |
|
VCID-a5ny-vcsw-uqh1
Aliases: (+ CVE-2017-2616 fix) regression |
Multiple vulnerabilities have been found in Shadow, the worst of which might allow privilege escalation. |
Affected by 8 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-bcx3-q456-w7ad
Aliases: CVE-2023-4641 |
shadow-utils: possible password leak during passwd(1) change |
Affected by 0 other vulnerabilities. |
|
VCID-cabd-74q6-kug2
Aliases: CVE-2017-20002 |
The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges. |
Affected by 4 other vulnerabilities. |
|
VCID-m3za-mkkw-p7e2
Aliases: CVE-2023-29383 |
shadow: Improper input validation in shadow-utils package utility chfn |
Affected by 0 other vulnerabilities. |
|
VCID-m4sf-znhe-gubc
Aliases: CVE-2017-12424 |
A vulnerability found in Shadow may allow remote attackers to cause a Denial of Service condition or produce other unspecified behaviors. |
Affected by 4 other vulnerabilities. |
|
VCID-mp2r-dfng-27ew
Aliases: DSA-3793-2 shadow |
regression update |
Affected by 8 other vulnerabilities. |
|
VCID-r9a4-2dw5-4bgq
Aliases: CVE-2019-19882 |
Multiple Shadow utilities were installed with setuid permissions, allowing possible root privilege escalation. |
Affected by 3 other vulnerabilities. |
|
VCID-ueu4-n6bt-xfat
Aliases: CVE-2016-6252 |
Multiple vulnerabilities have been found in Shadow, the worst of which might allow privilege escalation. |
Affected by 8 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-zbq9-jt94-ckhd
Aliases: CVE-2011-0721 |
This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE identifiers below for more information. |
Affected by 9 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||