Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/shadow@1:4.1.5.1-1
purl pkg:deb/debian/shadow@1:4.1.5.1-1
Next non-vulnerable version 1:4.13+dfsg1-1+deb12u2
Latest non-vulnerable version 1:4.13+dfsg1-1+deb12u2
Risk 4.0
Vulnerabilities affecting this package (9)
Vulnerability Summary Fixed by
VCID-74yx-3zfw-w7f2
Aliases:
CVE-2018-7169
A vulnerability found in Shadow may allow local attackers to bypass security restrictions.
1:4.8.1-1
Affected by 3 other vulnerabilities.
VCID-a5ny-vcsw-uqh1
Aliases:
(+
CVE-2017-2616
fix)
regression
Multiple vulnerabilities have been found in Shadow, the worst of which might allow privilege escalation.
1:4.2-3+deb8u4
Affected by 8 other vulnerabilities.
1:4.4-4.1
Affected by 6 other vulnerabilities.
VCID-bcx3-q456-w7ad
Aliases:
CVE-2023-4641
shadow-utils: possible password leak during passwd(1) change
1:4.13+dfsg1-1+deb12u2
Affected by 0 other vulnerabilities.
VCID-cabd-74q6-kug2
Aliases:
CVE-2017-20002
The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges.
1:4.5-1.1
Affected by 4 other vulnerabilities.
VCID-m3za-mkkw-p7e2
Aliases:
CVE-2023-29383
shadow: Improper input validation in shadow-utils package utility chfn
1:4.13+dfsg1-1+deb12u2
Affected by 0 other vulnerabilities.
VCID-m4sf-znhe-gubc
Aliases:
CVE-2017-12424
A vulnerability found in Shadow may allow remote attackers to cause a Denial of Service condition or produce other unspecified behaviors.
1:4.5-1.1
Affected by 4 other vulnerabilities.
VCID-mp2r-dfng-27ew
Aliases:
DSA-3793-2 shadow
regression update
1:4.2-3+deb8u4
Affected by 8 other vulnerabilities.
VCID-r9a4-2dw5-4bgq
Aliases:
CVE-2019-19882
Multiple Shadow utilities were installed with setuid permissions, allowing possible root privilege escalation.
1:4.8.1-1
Affected by 3 other vulnerabilities.
VCID-ueu4-n6bt-xfat
Aliases:
CVE-2016-6252
Multiple vulnerabilities have been found in Shadow, the worst of which might allow privilege escalation.
1:4.2-3+deb8u4
Affected by 8 other vulnerabilities.
1:4.4-4.1
Affected by 6 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-2b4p-nehx-eyae coreutils: tty hijacking possible in "su" via TIOCSTI ioctl CVE-2005-4890
VCID-zbq9-jt94-ckhd This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE identifiers below for more information. CVE-2011-0721

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-15T23:55:59.746779+00:00 Debian Oval Importer Affected by VCID-r9a4-2dw5-4bgq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T23:37:46.662603+00:00 Debian Oval Importer Affected by VCID-a5ny-vcsw-uqh1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T23:27:49.110029+00:00 Debian Oval Importer Affected by VCID-74yx-3zfw-w7f2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T23:13:46.809938+00:00 Debian Oval Importer Affected by VCID-bcx3-q456-w7ad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T21:44:23.488078+00:00 Debian Oval Importer Fixing VCID-2b4p-nehx-eyae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T20:30:36.513781+00:00 Debian Oval Importer Affected by VCID-m4sf-znhe-gubc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T19:46:57.550347+00:00 Debian Oval Importer Fixing VCID-zbq9-jt94-ckhd https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T18:34:38.934049+00:00 Debian Oval Importer Affected by VCID-ueu4-n6bt-xfat https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T18:16:32.547319+00:00 Debian Oval Importer Affected by VCID-m3za-mkkw-p7e2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T15:42:01.873457+00:00 Debian Oval Importer Affected by VCID-cabd-74q6-kug2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T14:01:56.324418+00:00 Debian Oval Importer Affected by VCID-a5ny-vcsw-uqh1 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.4.0
2026-04-15T13:43:07.827999+00:00 Debian Oval Importer Affected by VCID-mp2r-dfng-27ew https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.4.0
2026-04-15T13:22:40.865815+00:00 Debian Oval Importer Affected by VCID-ueu4-n6bt-xfat https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.4.0
2026-04-11T23:30:14.452405+00:00 Debian Oval Importer Affected by VCID-r9a4-2dw5-4bgq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T23:12:41.271260+00:00 Debian Oval Importer Affected by VCID-a5ny-vcsw-uqh1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T23:03:10.584501+00:00 Debian Oval Importer Affected by VCID-74yx-3zfw-w7f2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T22:49:34.446588+00:00 Debian Oval Importer Affected by VCID-bcx3-q456-w7ad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T21:23:05.123607+00:00 Debian Oval Importer Fixing VCID-2b4p-nehx-eyae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T20:11:58.987299+00:00 Debian Oval Importer Affected by VCID-m4sf-znhe-gubc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T19:29:20.797824+00:00 Debian Oval Importer Fixing VCID-zbq9-jt94-ckhd https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T18:19:19.560309+00:00 Debian Oval Importer Affected by VCID-ueu4-n6bt-xfat https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T18:01:54.260207+00:00 Debian Oval Importer Affected by VCID-m3za-mkkw-p7e2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T15:29:49.842583+00:00 Debian Oval Importer Affected by VCID-cabd-74q6-kug2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T13:50:33.509975+00:00 Debian Oval Importer Affected by VCID-a5ny-vcsw-uqh1 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.3.0
2026-04-11T13:31:49.674158+00:00 Debian Oval Importer Affected by VCID-mp2r-dfng-27ew https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.3.0
2026-04-11T13:11:25.045977+00:00 Debian Oval Importer Affected by VCID-ueu4-n6bt-xfat https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.3.0
2026-04-08T23:03:08.540746+00:00 Debian Oval Importer Affected by VCID-r9a4-2dw5-4bgq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:46:18.006121+00:00 Debian Oval Importer Affected by VCID-a5ny-vcsw-uqh1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:37:03.621622+00:00 Debian Oval Importer Affected by VCID-74yx-3zfw-w7f2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:24:12.524600+00:00 Debian Oval Importer Affected by VCID-bcx3-q456-w7ad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T21:01:42.585258+00:00 Debian Oval Importer Fixing VCID-2b4p-nehx-eyae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T19:53:11.336849+00:00 Debian Oval Importer Affected by VCID-m4sf-znhe-gubc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T19:12:48.660179+00:00 Debian Oval Importer Fixing VCID-zbq9-jt94-ckhd https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T18:05:25.267549+00:00 Debian Oval Importer Affected by VCID-ueu4-n6bt-xfat https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T17:48:28.077241+00:00 Debian Oval Importer Affected by VCID-m3za-mkkw-p7e2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T15:24:06.968287+00:00 Debian Oval Importer Affected by VCID-cabd-74q6-kug2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T13:10:40.751901+00:00 Debian Oval Importer Affected by VCID-ueu4-n6bt-xfat https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.1.0
2026-04-07T22:25:46.195075+00:00 Debian Oval Importer Affected by VCID-a5ny-vcsw-uqh1 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.1.0
2026-04-07T22:07:31.041841+00:00 Debian Oval Importer Affected by VCID-mp2r-dfng-27ew https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.1.0