pkg:Debian/shadow

27 total CVEs: CRITICAL 2, HIGH 5, MEDIUM 5, LOW 3

All known vulnerabilities

  • CRITICAL 9.8 CVE-2017-12424: shadow - security update
    from 0, < 1:4.5-1
  • CRITICAL 9.8 CVE-2017-12424: shadow - security update
    from 0, < 1:4.4-4.1+deb9u1
  • HIGH 7.8 CVE-2017-20002: The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty.
    from 0, < 1:4.5-1
  • HIGH 7.8 CVE-2019-19882: shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access becaus…
    from 0, < 1:4.8.1-1
  • HIGH 7.8 CVE-2005-4890: There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program".
    from 0, < 1:4.1.5-1
  • HIGH 7.8 CVE-2016-6252: shadow - security update
    from 0, < 1:4.2-3+deb8u3
  • HIGH 7.8 CVE-2016-6252: shadow - security update
    from 0, < 1:4.4-1
  • MEDIUM 5.5 CVE-2023-4641: A flaw was found in shadow-utils.
    from 0, < 1:4.8.1-1+deb11u1
  • MEDIUM 5.3 CVE-2018-7169: An issue was discovered in shadow 4.5.
    from 0, < 1:4.7-1
  • MEDIUM 4.7 CVE-2013-4235: shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
    from 0
  • MEDIUM 4.7 CVE-2017-2616: shadow - security update
    from 0, < 1:4.4-4
  • MEDIUM 4.7 CVE-2017-2616: shadow - security update
    from 0, < 1:4.1.5.1-1+deb7u1
  • LOW 3.6 CVE-2024-56433: shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user…
    from 0
  • LOW 3.3 CVE-2023-29383: shadow - security update
    from 0, < 1:4.8.1-1+deb11u1
  • LOW 3.3 CVE-2023-29383: shadow - security update
    from 0, < 1:4.8.1-1+deb11u1
  • CVE-2011-0721: shadow - missing input sanitization
    from 0, < 1:4.1.4.2+svn3283-2+squeeze1
  • CVE-2011-0721: shadow - missing input sanitization
    from 0, < 1:4.1.4.2+svn3283-3
  • CVE-2008-5394: shadow - privilege escalation
    from 0, < 1:4.1.1-6
  • CVE-2008-5394: shadow - privilege escalation
    from 0, < 1:4.0.18.1-7+etch1
  • CVE-2007-5686: initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information…
    from 0
  • CVE-2006-3378: shadow - programming error
    from 0, < 1:4.0.14-1
  • CVE-2006-3378: shadow - programming error
    from 0, < 1:4.0.3-31sarge8
  • CVE-2006-1174: useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function w…
    from 0, < 1:4.0.15-10
  • CVE-2006-1844: The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log fi…
    from 0, < 1:4.0.14-9
  • CVE-2006-1376: The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permi…
    from 0, < 1:4.0.14-9
  • CVE-2004-1001: shadow - programming error
    from 0, < 20000902-12woody1
  • CVE-2004-1001: shadow - programming error
    from 0, < 1:4.0.3-35