Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
shadow vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-16566
On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote malicious users to read or replace core system files including those used for authentication (such as passwd and shadow). This can be abused to take full root level c...
Qacctv Jooan A5 Ip Camera Firmware 2.3.36
9.8
CVSSv3
CVE-2017-12424
In shadow prior to 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege bound...
Shadow Project Shadow
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2016-6909
Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x prior to 4.1.11, 4.2.x prior to 4.2.13, and 4.3.x prior to 4.3.9 and FortiSwitch prior to 3.4.3 allows remote malicious users to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.
Fortinet Fortios
Fortinet Fortiswitch
1 EDB exploit
9.8
CVSSv3
CVE-2016-1601
yast2-users prior to 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow malicious users to have unspecified impact via unkn...
Suse Yast2
9.1
CVSSv3
CVE-2022-22795
Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected machine An attacker can read all the system files, the product is running with root on Linux systems and nt/authority on windows systems, which allows him to access and extract any file o...
Signiant Manager\\+agents
Signiant Manager\\+agents 14.0
Signiant Manager\\+agents 15.0
9
CVSSv3
CVE-2017-10915
The shadow-paging feature in Xen up to and including 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219.
Xen Xen
8.8
CVSSv3
CVE-2022-36159
Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in few minutes. Through this credential, a malicious actor can access the Wireless LAN Man...
Contec Fxa3000 Firmware
Contec Fxa3020 Firmware
Contec Fxa3200 Firmware
Contec Fxa2000 Firmware
1 Github repository
8.8
CVSSv3
CVE-2022-33745
insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable cha...
Xen Xen
Debian Debian Linux 11.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
8.8
CVSSv3
CVE-2021-3656
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" fiel...
Linux Linux Kernel 5.14
Linux Linux Kernel
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Redhat Software Collections -
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux For Scientific Computing 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux For Power Little Endian 7.0
Redhat Enterprise Linux For Real Time 7
Redhat Enterprise Linux For Real Time For Nfv 7
Redhat Enterprise Linux For Power Big Endian 7.0
Redhat Enterprise Linux For Ibm Z Systems 7.0
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server Aus 7.7
Redhat Enterprise Linux Server Tus 7.7
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
1 Github repository
8.8
CVSSv3
CVE-2021-3653
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field...
Linux Linux Kernel 5.14
Linux Linux Kernel
Redhat Enterprise Linux 7.0
Debian Debian Linux 9.0
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27842
CVE-2024-30657
CVE-2024-4534
hardcoded
SSRF
CVE-2024-21683
CVE-2024-5364
file upload
CVE-2024-5371
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »