Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
shadow vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2020-29669
In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password. This process has a vulnerability which can be used to take over the administrator account and results in shell access. As the admin user may read the /etc/shadow file,...
Macally Wifisd2-2a82 Firmware 2.000.010
1 Github repository
3.3
CVSSv2
CVE-2020-3702
u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Comp...
Qualcomm Apq8053 Firmware -
Qualcomm Ipq4019 Firmware -
Qualcomm Ipq8064 Firmware -
Qualcomm Msm8909w Firmware -
Qualcomm Msm8996au Firmware -
Qualcomm Qca9531 Firmware -
Qualcomm Qcn5502 Firmware -
Qualcomm Qcs405 Firmware -
Qualcomm Sdx20 Firmware -
Qualcomm Sm6150 Firmware -
Qualcomm Sm7150 Firmware -
Debian Debian Linux 10.0
Arista Access Point
Debian Debian Linux 9.0
4.7
CVSSv2
CVE-2020-15563
An issue exists in Xen up to and including 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped spac...
Xen Xen
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Opensuse Leap 15.2
2.1
CVSSv2
CVE-2020-10727
A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use this...
Apache Activemq Artemis
Netapp Oncommand Workflow Automation -
4.6
CVSSv2
CVE-2020-10277
There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such as the shadow file) or privilege escalation by manually adding a new user with sudo privileges on the machine.
Mobile-industrial-robots Mir100 Firmware
Mobile-industrial-robots Mir200 Firmware -
Mobile-industrial-robots Mir250 Firmware -
Mobile-industrial-robots Mir500 Firmware -
Mobile-industrial-robots Mir1000 Firmware -
Easyrobotics Er200 Firmware -
Easyrobotics Er-lite Firmware -
Easyrobotics Er-flex Firmware -
Easyrobotics Er-one Firmware -
Uvd-robots Uvd Firmware -
9
CVSSv2
CVE-2020-13695
In QuickBox Community Edition up to and including 2.5.5 and Pro Edition up to and including 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an malicious user to obtain sensitive information via a grep of a /root/*.db or ...
Quickbox Quickbox
2.1
CVSSv2
CVE-2020-13631
SQLite prior to 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
Sqlite Sqlite
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Netapp Cloud Backup -
Netapp Solidfire\\, Enterprise Sds \\& Hci Storage Node -
Brocade Fabric Operating System -
Netapp Hci Compute Node Firmware -
Siemens Sinec Infrastructure Network Services
Apple Iphone Os
Apple Watchos
Apple Tvos
Apple Ipados
Apple Icloud
Apple Itunes
Apple Macos
Oracle Outside In Technology 8.5.4
Oracle Outside In Technology 8.5.5
Oracle Communications Network Charging And Control 6.0.1
Oracle Communications Network Charging And Control
1 Github repository
5
CVSSv2
CVE-2020-12447
A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow.
Onkyo Tx-nr585 Firmware 1000-0000-000-0008-0000
4
CVSSv2
CVE-2020-11491
Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi.
Zevenet Zen Load Balancer 3.10.1
5
CVSSv2
CVE-2020-9327
In SQLite 3.31.1, isAuxiliaryVtabOperator allows malicious users to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
Sqlite Sqlite 3.31.1
Netapp Cloud Backup -
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Siemens Sinec Infrastructure Network Services
Oracle Communications Network Charging And Control 6.0.1
Oracle Communications Network Charging And Control
Oracle Communications Network Charging And Control 12.0.2
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Hyperion Infrastructure Technology 11.1.2.4
Oracle Mysql Workbench
Oracle Outside In Technology 8.5.4
Oracle Outside In Technology 8.5.5
Oracle Zfs Storage Appliance Kit 8.8
Oracle Communications Messaging Server 8.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »