Vulnerabilities > Permissions, Privileges, and Access Controls
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-04 | CVE-2019-10709 | Permissions, Privileges, and Access Controls vulnerability in Asus Precision Touchpad 11.0.0.25 AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call. | 7.5 |
| 2019-08-30 | CVE-2019-2390 | Permissions, Privileges, and Access Controls vulnerability in Mongodb An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server versions less than 4.0.11, 3.6.14, and 3.4.22 to run attacker defined code as the user running the utility. | 6.8 |
| 2019-08-29 | CVE-2019-11249 | Permissions, Privileges, and Access Controls vulnerability in Kubernetes The kubectl cp command allows copying files between containers and the user machine. | 5.8 |
| 2019-08-29 | CVE-2019-11247 | Permissions, Privileges, and Access Controls vulnerability in Kubernetes The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. | 6.5 |
| 2019-08-29 | CVE-2019-11246 | Permissions, Privileges, and Access Controls vulnerability in Kubernetes The kubectl cp command allows copying files between containers and the user machine. | 4.3 |
| 2019-08-29 | CVE-2019-11245 | Permissions, Privileges, and Access Controls vulnerability in Kubernetes 1.13.6/1.14.2 In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. | 4.6 |
| 2019-08-27 | CVE-2016-10935 | Permissions, Privileges, and Access Controls vulnerability in Visser Store Exporter for Woocommerce The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation. | 7.5 |
| 2019-08-23 | CVE-2019-13014 | Permissions, Privileges, and Access Controls vulnerability in Obdev Little Snitch 4.4.0 Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. | 4.9 |
| 2019-08-23 | CVE-2019-13013 | Permissions, Privileges, and Access Controls vulnerability in Obdev Little Snitch 4.3.0/4.3.1/4.3.2 Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. | 4.9 |
| 2019-08-23 | CVE-2019-13423 | Permissions, Privileges, and Access Controls vulnerability in Search-Guard Search Guard Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a) Kibana is configured to use Single-Sign-On as authentication method, one of Kerberos, JWT, Proxy, Client certificate. | 6.5 |