Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/shadow@1:4.8.1-1
purl pkg:deb/debian/shadow@1:4.8.1-1
Next non-vulnerable version 1:4.13+dfsg1-1+deb12u2
Latest non-vulnerable version 1:4.13+dfsg1-1+deb12u2
Risk 2.5
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-bcx3-q456-w7ad
Aliases:
CVE-2023-4641
shadow-utils: possible password leak during passwd(1) change
1:4.13+dfsg1-1+deb12u2
Affected by 0 other vulnerabilities.
VCID-m3za-mkkw-p7e2
Aliases:
CVE-2023-29383
shadow: Improper input validation in shadow-utils package utility chfn
1:4.13+dfsg1-1+deb12u2
Affected by 0 other vulnerabilities.
VCID-shuq-ufcc-ruf5
Aliases:
CVE-2013-4235
A TOCTOU race has been discovered in Shadow, which could result in the unauthorized modification of files.
1:4.13+dfsg1-1+deb12u2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-74yx-3zfw-w7f2 A vulnerability found in Shadow may allow local attackers to bypass security restrictions. CVE-2018-7169
VCID-r9a4-2dw5-4bgq Multiple Shadow utilities were installed with setuid permissions, allowing possible root privilege escalation. CVE-2019-19882

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T09:28:16.003900+00:00 Debian Importer Affected by VCID-shuq-ufcc-ruf5 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-15T23:55:59.766113+00:00 Debian Oval Importer Fixing VCID-r9a4-2dw5-4bgq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T23:27:49.130364+00:00 Debian Oval Importer Fixing VCID-74yx-3zfw-w7f2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T23:13:46.833881+00:00 Debian Oval Importer Affected by VCID-bcx3-q456-w7ad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T18:16:32.568166+00:00 Debian Oval Importer Affected by VCID-m3za-mkkw-p7e2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-11T23:30:14.474687+00:00 Debian Oval Importer Fixing VCID-r9a4-2dw5-4bgq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T23:03:10.604157+00:00 Debian Oval Importer Fixing VCID-74yx-3zfw-w7f2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T22:49:34.465364+00:00 Debian Oval Importer Affected by VCID-bcx3-q456-w7ad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T18:18:57.956562+00:00 Debian Importer Affected by VCID-shuq-ufcc-ruf5 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:01:54.287642+00:00 Debian Oval Importer Affected by VCID-m3za-mkkw-p7e2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-08T23:03:08.562087+00:00 Debian Oval Importer Fixing VCID-r9a4-2dw5-4bgq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:37:03.645587+00:00 Debian Oval Importer Fixing VCID-74yx-3zfw-w7f2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:24:12.547204+00:00 Debian Oval Importer Affected by VCID-bcx3-q456-w7ad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T17:48:28.100296+00:00 Debian Oval Importer Affected by VCID-m3za-mkkw-p7e2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-04T18:04:49.218717+00:00 Debian Importer Affected by VCID-shuq-ufcc-ruf5 https://security-tracker.debian.org/tracker/data/json 38.1.0