Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
shadow vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2017-17564
An issue exists in Xen up to and including 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.
Xen Xen
7.8
CVSSv3
CVE-2017-17566
An issue exists in Xen up to and including 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.
Xen Xen
7.8
CVSSv3
CVE-2017-14426
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions.
Dlink Dir-850l Firmware
Dlink Dir-850l Firmware Fw114wwb07 H2ab
7.8
CVSSv3
CVE-2016-9314
Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and previous versions allows authenticated, remote users with least privileges to backup the system configu...
Trendmicro Interscan Web Security Virtual Appliance
1 EDB exploit
7.8
CVSSv3
CVE-2016-6252
Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.
Shadow Project Shadow 4.2.1
7.8
CVSSv3
CVE-2015-1328
The overlayfs implementation in the linux (aka Linux kernel) package prior to 3.19.0-21.21 in Ubuntu up to and including 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a c...
Canonical Ubuntu Linux
Linux Linux Kernel
3 EDB exploits
13 Github repositories
7.8
CVSSv3
CVE-2016-7089
WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN.
Watchguard Rapidstream -
1 EDB exploit
7.8
CVSSv3
CVE-2016-6367
Cisco Adaptive Security Appliance (ASA) Software prior to 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA.
Cisco Adaptive Security Appliance Software 7.0.7.1
Cisco Adaptive Security Appliance Software 7.0.7.9
Cisco Adaptive Security Appliance Software 7.0.7.12
Cisco Adaptive Security Appliance Software 7.0.6.4
Cisco Adaptive Security Appliance Software 7.0.8.13
Cisco Adaptive Security Appliance Software 7.0.3
Cisco Adaptive Security Appliance Software 7.0.8.2
Cisco Adaptive Security Appliance Software 7.0.7.4
Cisco Adaptive Security Appliance Software 7.0.4
Cisco Adaptive Security Appliance Software 7.0.1
Cisco Adaptive Security Appliance Software 7.0.7
Cisco Adaptive Security Appliance Software 7.0.2
Cisco Adaptive Security Appliance Software 7.0.1.4
Cisco Adaptive Security Appliance Software 7.0.6
Cisco Adaptive Security Appliance Software 7.0.6.8
Cisco Adaptive Security Appliance Software 7.0.8.8
Cisco Adaptive Security Appliance Software 7.0.6.18
Cisco Adaptive Security Appliance Software 7.0.6.32
Cisco Adaptive Security Appliance Software 7.0.8.12
Cisco Adaptive Security Appliance Software 7.0.5
Cisco Adaptive Security Appliance Software 7.0.4.2
Cisco Adaptive Security Appliance Software 7.0.6.29
1 EDB exploit
7.8
CVSSv3
CVE-2001-0195
sash prior to 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.
Debian Debian Linux 2.2
7.5
CVSSv3
CVE-2022-47188
There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.
Generex Cs141 Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »