Latest Permissions, Privileges, and Access Controls Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2019-09-06 CVE-2019-14813 Permissions, Privileges, and Access Controls vulnerability in multiple products
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.
network
low complexity
artifex
redhat
CWE-264
nessus
7.5
2019-09-04 CVE-2019-10709 Permissions, Privileges, and Access Controls vulnerability in Asus Precision Touchpad 11.0.0.25
AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call.
network
low complexity
asus
CWE-264
exploit available
7.5
2019-09-03 CVE-2019-14817 Permissions, Privileges, and Access Controls vulnerability in Ghostscript
A flaw was found in ghostscript, versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.
network
ghostscript
CWE-264
nessus
6.8
2019-09-03 CVE-2019-14811 Permissions, Privileges, and Access Controls vulnerability in Artifex Ghostscript
A flaw was found in ghostscript, versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.
network
artifex
CWE-264
nessus
6.8
2019-08-30 CVE-2019-2390 Permissions, Privileges, and Access Controls vulnerability in Mongodb
An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server versions less than 4.0.11, 3.6.14, and 3.4.22 to run attacker-defined code as the user running the utility.
6.8
2019-08-30 CVE-2019-1969 Permissions, Privileges, and Access Controls vulnerability in Cisco Nx-Os
A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic.
network
low complexity
cisco
CWE-264
nessus
5.0
2019-08-30 CVE-2019-1966 Permissions, Privileges, and Access Controls vulnerability in Cisco Nx-Os and Unified Computing System
A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device.
local
low complexity
cisco
CWE-264
nessus
7.2
2019-08-29 CVE-2019-11249 Permissions, Privileges, and Access Controls vulnerability in Kubernetes
The kubectl cp command allows copying files between containers and the user machine.
network
kubernetes
CWE-264
nessus
5.8
2019-08-29 CVE-2019-11247 Permissions, Privileges, and Access Controls vulnerability in Kubernetes
The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced.
network
low complexity
kubernetes
CWE-264
nessus
6.5
2019-08-29 CVE-2019-11246 Permissions, Privileges, and Access Controls vulnerability in Kubernetes
The kubectl cp command allows copying files between containers and the user machine.
network
kubernetes
CWE-264
nessus
4.3