superuser vulnerabilities and exploits
534
VMScore
CVE-2022-24128
Timescale TimescaleDB 1.x and 2.x prior to 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivileged user to precreate objects. These objects will be used by the installer (w...
Timescale Timescaledb
NA
CVE-2022-28812
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the device.
Gavazziautomation Cpy Car Park Server
Gavazziautomation Uwp 3.0 Monitoring Gateway And Controller Firmware
356
VMScore
CVE-2018-1198
Pivotal Cloud Cache, versions before 1.3.1, prints a superuser password in plain text during BOSH deployment logs. A malicious user with access to the logs could escalate their privileges using this password.
Pivotal Software Pivotal Cloud Cache
668
VMScore
CVE-2021-28152
Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn.
Hongdian H8922 Firmware 3.0.5
NA
CVE-2022-43685
CKAN up to and including 2.9.6 allows account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account, including superuser accounts.
Okfn Ckan
NA
CVE-2023-31240
Snap One OvrC Pro versions before 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials.
Snapone Orvc
NA
CVE-2022-3086
Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may allow a malicious user to execute arbitrary code.
Moxa Uc-8580-t-lx Firmware 1.1
Moxa Uc-8580-t-ct-lx Firmware 1.1
Moxa Uc-8580-t-q-lx Firmware 1.1
Moxa Uc-8580-t-ct-q-lx Firmware 1.1
Moxa Uc-8580-q-lx Firmware 1.1
Moxa Uc-8580-lx Firmware 1.1
Moxa Uc-8540-lx Firmware
Moxa Uc-8540-t-ct-lx Firmware
Moxa Uc-8540-t-lx Firmware
Moxa Uc-8410a-lx Firmware 2.2
Moxa Uc-8410a-nw-lx Firmware 2.2
Moxa Uc-8410a-nw-t-lx Firmware 2.2
Moxa Uc-8410a-t-lx Firmware 2.2
Moxa Uc-8210-t-lx-s Firmware
Moxa Uc-8220-t-lx Firmware
Moxa Uc-8220-t-lx-us-s Firmware
Moxa Uc-8220-t-lx-eu-s Firmware
Moxa Uc-8220-t-lx-ap-s Firmware
Moxa Uc-8112a-me-t-lx Firmware 1.0
Moxa Uc-8112a-me-t-lx Firmware 1.1
Moxa Uc-8131-lx Firmware 1.2
Moxa Uc-8131-lx Firmware 1.3
641
VMScore
CVE-2002-0755
Kerberos 5 su (k5su) in FreeBSD 4.5 and previous versions does not verify that a user is a member of the wheel group before granting superuser privileges, which could allow unauthorized users to execute commands as root.
Freebsd Freebsd 4.5
Freebsd Freebsd 4.4
890
VMScore
CVE-2019-11526
An issue exists in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the malicious user to write files with superuser privileges in specific locations.
Softing Uagate Si Firmware 1.60.01
NA
CVE-2024-2338
PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that allows a user who owns a table to elevate to superuser when dynamic masking is enabled. PostgreSQL Anonymizer enables users to set security labels on tables to mask specified columns. There is a flaw that allo...