superuser vulnerabilities and exploits
8
CVSSv3
CVE-2022-24128
Timescale TimescaleDB 1.x and 2.x prior to 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivileged user to precreate objects. These objects will be used by the installer (w...
Timescale Timescaledb
8.8
CVSSv3
CVE-2022-43685
CKAN up to and including 2.9.6 allows account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account including superuser accounts.
Okfn Ckan
9.8
CVSSv3
CVE-2022-28812
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the device.
Gavazziautomation Cpy Car Park Server
Gavazziautomation Uwp 3.0 Monitoring Gateway And Controller Firmware
8.8
CVSSv3
CVE-2018-1198
Pivotal Cloud Cache, versions before 1.3.1, prints a superuser password in plain text during BOSH deployment logs. A malicious user with access to the logs could escalate their privileges using this password.
Pivotal Software Pivotal Cloud Cache
9.8
CVSSv3
CVE-2021-28152
Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn.
Hongdian H8922 Firmware 3.0.5
9.8
CVSSv3
CVE-2023-31240
Snap One OvrC Pro versions before 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials.
Snapone Orvc
7.6
CVSSv3
CVE-2022-3086
Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may allow a malicious user to execute arbitrary code.
Moxa Uc-8580-t-lx Firmware 1.1
Moxa Uc-8580-t-ct-lx Firmware 1.1
Moxa Uc-8580-t-q-lx Firmware 1.1
Moxa Uc-8580-t-ct-q-lx Firmware 1.1
Moxa Uc-8580-q-lx Firmware 1.1
Moxa Uc-8580-lx Firmware 1.1
Moxa Uc-8540-lx Firmware
Moxa Uc-8540-t-ct-lx Firmware
Moxa Uc-8540-t-lx Firmware
Moxa Uc-8410a-lx Firmware 2.2
Moxa Uc-8410a-nw-lx Firmware 2.2
Moxa Uc-8410a-nw-t-lx Firmware 2.2
Moxa Uc-8410a-t-lx Firmware 2.2
Moxa Uc-8210-t-lx-s Firmware
Moxa Uc-8220-t-lx Firmware
Moxa Uc-8220-t-lx-us-s Firmware
Moxa Uc-8220-t-lx-eu-s Firmware
Moxa Uc-8220-t-lx-ap-s Firmware
Moxa Uc-8112a-me-t-lx Firmware 1.0
Moxa Uc-8112a-me-t-lx Firmware 1.1
Moxa Uc-8131-lx Firmware 1.2
Moxa Uc-8131-lx Firmware 1.3
9.8
CVSSv3
CVE-2019-11526
An issue exists in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the malicious user to write files with superuser privileges in specific locations.
Softing Uagate Si Firmware 1.60.01
NA
CVE-2002-0755
Kerberos 5 su (k5su) in FreeBSD 4.5 and previous versions does not verify that a user is a member of the wheel group before granting superuser privileges, which could allow unauthorized users to execute commands as root.
Freebsd Freebsd 4.5
Freebsd Freebsd 4.4
NA
CVE-2024-2338
PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that allows a user who owns a table to elevate to superuser when dynamic masking is enabled. PostgreSQL Anonymizer enables users to set security labels on tables to mask specified columns. There is a flaw that allo...