Search for packages
| purl | pkg:deb/debian/shadow@1:4.5-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-cabd-74q6-kug2 | The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges. |
CVE-2017-20002
|
| VCID-m4sf-znhe-gubc | A vulnerability found in Shadow may allow remote attackers to cause a Denial of Service condition or produce other unspecified behaviors. |
CVE-2017-12424
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T11:41:58.701350+00:00 | Debian Importer | Fixing | VCID-cabd-74q6-kug2 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T09:03:11.053934+00:00 | Debian Importer | Fixing | VCID-m4sf-znhe-gubc | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-13T07:58:20.294472+00:00 | Debian Importer | Fixing | VCID-cabd-74q6-kug2 | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-11T18:04:09.989205+00:00 | Debian Importer | Fixing | VCID-m4sf-znhe-gubc | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-03T07:52:54.592413+00:00 | Debian Importer | Fixing | VCID-cabd-74q6-kug2 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:52:54.535292+00:00 | Debian Importer | Fixing | VCID-m4sf-znhe-gubc | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |