VulnerableCode Package Details - pkg:deb/debian/shadow@1:4.4-4.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-74yx-3zfw-w7f2 Aliases: CVE-2018-7169	A vulnerability found in Shadow may allow local attackers to bypass security restrictions.	1:4.8.1-1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-bcx3-q456-w7ad Aliases: CVE-2023-4641	shadow-utils: possible password leak during passwd(1) change	1:4.13+dfsg1-1+deb12u2 Affected by 0 other vulnerabilities.
VCID-cabd-74q6-kug2 Aliases: CVE-2017-20002	The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges.	1:4.5-1.1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-m3za-mkkw-p7e2 Aliases: CVE-2023-29383	shadow: Improper input validation in shadow-utils package utility chfn	1:4.13+dfsg1-1+deb12u2 Affected by 0 other vulnerabilities.
VCID-m4sf-znhe-gubc Aliases: CVE-2017-12424	A vulnerability found in Shadow may allow remote attackers to cause a Denial of Service condition or produce other unspecified behaviors.	1:4.5-1.1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-r9a4-2dw5-4bgq Aliases: CVE-2019-19882	Multiple Shadow utilities were installed with setuid permissions, allowing possible root privilege escalation.	1:4.8.1-1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-74yx-3zfw-w7f2
Aliases:
CVE-2018-7169

A vulnerability found in Shadow may allow local attackers to bypass security restrictions.

1:4.8.1-1
Affected by 3 other vulnerabilities.

VCID-bcx3-q456-w7ad
Aliases:
CVE-2023-4641

shadow-utils: possible password leak during passwd(1) change

1:4.13+dfsg1-1+deb12u2
Affected by 0 other vulnerabilities.

VCID-cabd-74q6-kug2
Aliases:
CVE-2017-20002

The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges.

1:4.5-1.1
Affected by 4 other vulnerabilities.

VCID-m3za-mkkw-p7e2
Aliases:
CVE-2023-29383

shadow: Improper input validation in shadow-utils package utility chfn

1:4.13+dfsg1-1+deb12u2
Affected by 0 other vulnerabilities.

VCID-m4sf-znhe-gubc
Aliases:
CVE-2017-12424

A vulnerability found in Shadow may allow remote attackers to cause a Denial of Service condition or produce other unspecified behaviors.

1:4.5-1.1
Affected by 4 other vulnerabilities.

VCID-r9a4-2dw5-4bgq
Aliases:
CVE-2019-19882

Multiple Shadow utilities were installed with setuid permissions, allowing possible root privilege escalation.

1:4.8.1-1
Affected by 3 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-a5ny-vcsw-uqh1	Multiple vulnerabilities have been found in Shadow, the worst of which might allow privilege escalation.	(+ CVE-2017-2616 fix) regression
VCID-ueu4-n6bt-xfat	Multiple vulnerabilities have been found in Shadow, the worst of which might allow privilege escalation.	CVE-2016-6252

Vulnerability

Summary

Aliases

VCID-a5ny-vcsw-uqh1

Multiple vulnerabilities have been found in Shadow, the worst of which might allow privilege escalation.

(+
CVE-2017-2616
fix)
regression

VCID-ueu4-n6bt-xfat

Multiple vulnerabilities have been found in Shadow, the worst of which might allow privilege escalation.

CVE-2016-6252

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T23:55:59.758414+00:00	Debian Oval Importer	Affected by	VCID-r9a4-2dw5-4bgq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T23:37:46.673288+00:00	Debian Oval Importer	Fixing	VCID-a5ny-vcsw-uqh1	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T23:27:49.122164+00:00	Debian Oval Importer	Affected by	VCID-74yx-3zfw-w7f2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T23:13:46.826035+00:00	Debian Oval Importer	Affected by	VCID-bcx3-q456-w7ad	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T20:30:36.524355+00:00	Debian Oval Importer	Affected by	VCID-m4sf-znhe-gubc	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T18:34:38.944351+00:00	Debian Oval Importer	Fixing	VCID-ueu4-n6bt-xfat	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T18:16:32.559742+00:00	Debian Oval Importer	Affected by	VCID-m3za-mkkw-p7e2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T15:42:01.883981+00:00	Debian Oval Importer	Affected by	VCID-cabd-74q6-kug2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T23:30:14.465847+00:00	Debian Oval Importer	Affected by	VCID-r9a4-2dw5-4bgq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T23:12:41.281780+00:00	Debian Oval Importer	Fixing	VCID-a5ny-vcsw-uqh1	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T23:03:10.596372+00:00	Debian Oval Importer	Affected by	VCID-74yx-3zfw-w7f2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T22:49:34.457808+00:00	Debian Oval Importer	Affected by	VCID-bcx3-q456-w7ad	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T20:11:58.998617+00:00	Debian Oval Importer	Affected by	VCID-m4sf-znhe-gubc	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:19:19.572254+00:00	Debian Oval Importer	Fixing	VCID-ueu4-n6bt-xfat	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:01:54.276111+00:00	Debian Oval Importer	Affected by	VCID-m3za-mkkw-p7e2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T15:29:49.854828+00:00	Debian Oval Importer	Affected by	VCID-cabd-74q6-kug2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T23:03:08.553561+00:00	Debian Oval Importer	Affected by	VCID-r9a4-2dw5-4bgq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T22:46:18.019106+00:00	Debian Oval Importer	Fixing	VCID-a5ny-vcsw-uqh1	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T22:37:03.635911+00:00	Debian Oval Importer	Affected by	VCID-74yx-3zfw-w7f2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T22:24:12.537908+00:00	Debian Oval Importer	Affected by	VCID-bcx3-q456-w7ad	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T19:53:11.349344+00:00	Debian Oval Importer	Affected by	VCID-m4sf-znhe-gubc	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:05:25.280492+00:00	Debian Oval Importer	Fixing	VCID-ueu4-n6bt-xfat	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T17:48:28.091185+00:00	Debian Oval Importer	Affected by	VCID-m3za-mkkw-p7e2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T15:24:06.983599+00:00	Debian Oval Importer	Affected by	VCID-cabd-74q6-kug2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0