Vulmon
shadow vulnerabilities and exploits
9.8
CVSSv3
CVE-2021-40960
Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow.
Galera Galera Webtemplate 1.0
7.8
CVSSv3
CVE-2017-17564
An issue exists in Xen up to and including 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.
Xen Xen
9.8
CVSSv3
CVE-2018-8712
An issue exists in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to re...
Webmin Webmin 1.840
Webmin Webmin 1.880
9.8
CVSSv3
CVE-2023-24149
TOTOLINK CA300-PoE V6.2c.884 contains a hard-coded password for root, which is stored in the component /etc/shadow.
Totolink Ca300-poe Firmware 6.2c.884
9.8
CVSSv3
CVE-2017-8415
An issue exists on D-Link DCS-1100 and DCS-1130 devices. The device has a custom telnet daemon as a part of the busybox and retrieves the password from the shadow file using the function getspnam at address 0x00053894. Then performs a crypt operation on the password retrieved fro...
Dlink Dcs-1130 Firmware -
Dlink Dcs-1100 Firmware -
7.8
CVSSv3
CVE-2017-17563
An issue exists in Xen up to and including 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode.
Xen Xen
5.6
CVSSv3
CVE-2017-17565
An issue exists in Xen up to and including 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P.
Xen Xen
NA
CVE-2010-3962
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote malicious users to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uni...
Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
3 EDB exploits
1 Article
7.5
CVSSv3
CVE-2022-29588
Konica Minolta bizhub MFP devices prior to 2022-04-14 use cleartext password storage for the /var/log/nginx/html/ADMINPASS and /etc/shadow files.
Konicaminolta Bizhub 226i Firmware
Konicaminolta Bizhub 227 Firmware
Konicaminolta Bizhub 246i Firmware
Konicaminolta Bizhub 287 Firmware
Konicaminolta Bizhub 306i Firmware
Konicaminolta Bizhub 308 Firmware
Konicaminolta Bizhub 308e Firmware
Konicaminolta Bizhub 367 Firmware
Konicaminolta Bizhub 368 Firmware
Konicaminolta Bizhub 368e Firmware
Konicaminolta Bizhub 4052 Firmware
Konicaminolta Bizhub 458 Firmware
Konicaminolta Bizhub 458e Firmware
Konicaminolta Bizhub 4752 Firmware
Konicaminolta Bizhub 558 Firmware
Konicaminolta Bizhub 558e Firmware
Konicaminolta Bizhub 658e Firmware
Konicaminolta Bizhub 758 Firmware
Konicaminolta Bizhub 808 Firmware
Konicaminolta Bizhub 958 Firmware
Konicaminolta Bizhub C227 Firmware
Konicaminolta Bizhub C250i Firmware
9.8
CVSSv3
CVE-2016-2360
Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations.
Milesight Ip Security Camera Firmware