Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/shadow@1:4.2-3%2Bdeb8u4
purl pkg:deb/debian/shadow@1:4.2-3%2Bdeb8u4
Next non-vulnerable version 1:4.13+dfsg1-1+deb12u2
Latest non-vulnerable version 1:4.13+dfsg1-1+deb12u2
Risk 4.0
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-74yx-3zfw-w7f2
Aliases:
CVE-2018-7169
A vulnerability found in Shadow may allow local attackers to bypass security restrictions.
1:4.8.1-1
Affected by 3 other vulnerabilities.
VCID-a5ny-vcsw-uqh1
Aliases:
(+
CVE-2017-2616
fix)
regression
Multiple vulnerabilities have been found in Shadow, the worst of which might allow privilege escalation.
1:4.4-4.1
Affected by 6 other vulnerabilities.
VCID-bcx3-q456-w7ad
Aliases:
CVE-2023-4641
shadow-utils: possible password leak during passwd(1) change
1:4.13+dfsg1-1+deb12u2
Affected by 0 other vulnerabilities.
VCID-cabd-74q6-kug2
Aliases:
CVE-2017-20002
The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges.
1:4.5-1.1
Affected by 4 other vulnerabilities.
VCID-m3za-mkkw-p7e2
Aliases:
CVE-2023-29383
shadow: Improper input validation in shadow-utils package utility chfn
1:4.13+dfsg1-1+deb12u2
Affected by 0 other vulnerabilities.
VCID-m4sf-znhe-gubc
Aliases:
CVE-2017-12424
A vulnerability found in Shadow may allow remote attackers to cause a Denial of Service condition or produce other unspecified behaviors.
1:4.5-1.1
Affected by 4 other vulnerabilities.
VCID-r9a4-2dw5-4bgq
Aliases:
CVE-2019-19882
Multiple Shadow utilities were installed with setuid permissions, allowing possible root privilege escalation.
1:4.8.1-1
Affected by 3 other vulnerabilities.
VCID-ueu4-n6bt-xfat
Aliases:
CVE-2016-6252
Multiple vulnerabilities have been found in Shadow, the worst of which might allow privilege escalation.
1:4.4-4.1
Affected by 6 other vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-a5ny-vcsw-uqh1 Multiple vulnerabilities have been found in Shadow, the worst of which might allow privilege escalation. (+
CVE-2017-2616
fix)
regression
VCID-mp2r-dfng-27ew regression update DSA-3793-2 shadow
VCID-ueu4-n6bt-xfat Multiple vulnerabilities have been found in Shadow, the worst of which might allow privilege escalation. CVE-2016-6252

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-15T23:55:59.754600+00:00 Debian Oval Importer Affected by VCID-r9a4-2dw5-4bgq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T23:37:46.669756+00:00 Debian Oval Importer Affected by VCID-a5ny-vcsw-uqh1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T23:27:49.118176+00:00 Debian Oval Importer Affected by VCID-74yx-3zfw-w7f2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T23:13:46.817998+00:00 Debian Oval Importer Affected by VCID-bcx3-q456-w7ad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T20:30:36.520909+00:00 Debian Oval Importer Affected by VCID-m4sf-znhe-gubc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T18:34:38.940797+00:00 Debian Oval Importer Affected by VCID-ueu4-n6bt-xfat https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T18:16:32.555545+00:00 Debian Oval Importer Affected by VCID-m3za-mkkw-p7e2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T15:42:01.880585+00:00 Debian Oval Importer Affected by VCID-cabd-74q6-kug2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T14:01:56.331014+00:00 Debian Oval Importer Fixing VCID-a5ny-vcsw-uqh1 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.4.0
2026-04-15T13:43:07.835470+00:00 Debian Oval Importer Fixing VCID-mp2r-dfng-27ew https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.4.0
2026-04-15T13:22:40.872655+00:00 Debian Oval Importer Fixing VCID-ueu4-n6bt-xfat https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.4.0
2026-04-11T23:30:14.461394+00:00 Debian Oval Importer Affected by VCID-r9a4-2dw5-4bgq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T23:12:41.278312+00:00 Debian Oval Importer Affected by VCID-a5ny-vcsw-uqh1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T23:03:10.592377+00:00 Debian Oval Importer Affected by VCID-74yx-3zfw-w7f2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T22:49:34.454042+00:00 Debian Oval Importer Affected by VCID-bcx3-q456-w7ad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T20:11:58.994906+00:00 Debian Oval Importer Affected by VCID-m4sf-znhe-gubc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T18:19:19.568162+00:00 Debian Oval Importer Affected by VCID-ueu4-n6bt-xfat https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T18:01:54.268736+00:00 Debian Oval Importer Affected by VCID-m3za-mkkw-p7e2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T15:29:49.850720+00:00 Debian Oval Importer Affected by VCID-cabd-74q6-kug2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T13:50:33.517819+00:00 Debian Oval Importer Fixing VCID-a5ny-vcsw-uqh1 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.3.0
2026-04-11T13:31:49.682404+00:00 Debian Oval Importer Fixing VCID-mp2r-dfng-27ew https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.3.0
2026-04-11T13:11:25.054441+00:00 Debian Oval Importer Fixing VCID-ueu4-n6bt-xfat https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.3.0
2026-04-08T23:03:08.549235+00:00 Debian Oval Importer Affected by VCID-r9a4-2dw5-4bgq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:46:18.014572+00:00 Debian Oval Importer Affected by VCID-a5ny-vcsw-uqh1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:37:03.631089+00:00 Debian Oval Importer Affected by VCID-74yx-3zfw-w7f2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:24:12.533455+00:00 Debian Oval Importer Affected by VCID-bcx3-q456-w7ad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T19:53:11.344755+00:00 Debian Oval Importer Affected by VCID-m4sf-znhe-gubc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T18:05:25.275948+00:00 Debian Oval Importer Affected by VCID-ueu4-n6bt-xfat https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T17:48:28.086614+00:00 Debian Oval Importer Affected by VCID-m3za-mkkw-p7e2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T15:24:06.977287+00:00 Debian Oval Importer Affected by VCID-cabd-74q6-kug2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T13:10:40.761066+00:00 Debian Oval Importer Fixing VCID-ueu4-n6bt-xfat https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.1.0
2026-04-07T22:25:46.199206+00:00 Debian Oval Importer Fixing VCID-a5ny-vcsw-uqh1 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.1.0
2026-04-07T22:07:31.052226+00:00 Debian Oval Importer Fixing VCID-mp2r-dfng-27ew https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.1.0