Known Vulnerabilities for Shadow by Debian
Listed below are 8 of the newest known vulnerabilities associated with "Shadow" by "Debian".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-23402 | In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Only WARN in direct MMUs when overwriting ... | Not Provided | 2026-04-01 | 2026-04-01 |
| CVE-2026-23401 | In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when c... | Not Provided | 2026-04-01 | 2026-04-01 |
| CVE-2025-24765 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RobMarsh Image Shadow image-s... | Not Provided | 2025-06-27 | 2026-04-01 |
| CVE-2017-20002 | The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty... | 7.8 - HIGH | 2021-03-17 | 2021-06-07 |
| CVE-2013-4235 | shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees | 4.7 - MEDIUM | 2019-12-03 | 2023-02-13 |
| CVE-2011-0721 | Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or grou... | 6.4 - MEDIUM | 2011-02-19 | 2017-08-17 |
| CVE-2008-5394 | /bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp gro... | 7.2 - HIGH | 2008-12-09 | 2018-10-11 |
| CVE-2006-1844 | The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-r... | 2.1 - LOW | 2006-04-19 | 2020-08-11 |
| CVE-2006-1174 | useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the o... | 3.7 - LOW | 2006-05-28 | 2020-08-11 |
| CVE-2005-4890 | There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user s... | 7.8 - HIGH | 2019-11-04 | 2020-08-18 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Debian | Shadow | 4.7 | All | All | All |
| Application | Debian | Shadow | 4.6 | All | All | All |
| Application | Debian | Shadow | 4.5 | All | All | All |
| Application | Debian | Shadow | 4.4 | All | All | All |
| Application | Debian | Shadow | 4.3.1 | All | All | All |
| Application | Debian | Shadow | 4.3.0 | All | All | All |
| Application | Debian | Shadow | 4.2.1 | All | All | All |
| Application | Debian | Shadow | 4.1.5.1 | All | All | All |
| Application | Debian | Shadow | 4.1.5 | All | All | All |
| Application | Debian | Shadow | 4.1.4.2 | All | All | All |
| Application | Debian | Shadow | 4.1.4.1 | All | All | All |
| Application | Debian | Shadow | 4.1.4 | All | All | All |
| Application | Debian | Shadow | 4.1.3.1 | All | All | All |
| Application | Debian | Shadow | 4.1.3 | All | All | All |
| Application | Debian | Shadow | 4.1.2.2 | All | All | All |
| Application | Debian | Shadow | 4.1.2.1 | All | All | All |
| Application | Debian | Shadow | 4.1.2 | All | All | All |
| Application | Debian | Shadow | 4.1.1 | All | All | All |
| Application | Debian | Shadow | 4.1.0 | All | All | All |
| Application | Debian | Shadow | 4.0.9 | All | All | All |