Vulnerabilities > Permissions, Privileges, and Access Controls
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-12 | CVE-2022-38135 | Permissions, Privileges, and Access Controls vulnerability in Photospace Gallery Project Photospace Gallery 2.3.5 Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings. | 4.3 |
| 2022-08-23 | CVE-2022-34868 | Permissions, Privileges, and Access Controls vulnerability in Yookassa Yukassa for Woocommerce Authenticated Arbitrary Settings Update vulnerability in YooMoney ?Kassa ??? WooCommerce plugin <= 2.3.0 at WordPress. | 6.5 |
| 2022-08-23 | CVE-2022-35242 | Permissions, Privileges, and Access Controls vulnerability in 59Sec the Leads Management System: 59Sec Lite 3.4.1 Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress. | 5.3 |
| 2019-09-04 | CVE-2019-10709 | Permissions, Privileges, and Access Controls vulnerability in Asus Precision Touchpad 11.0.0.25 AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call. | 7.5 |
| 2019-08-30 | CVE-2019-2390 | Permissions, Privileges, and Access Controls vulnerability in Mongodb An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server versions less than 4.0.11, 3.6.14, and 3.4.22 to run attacker defined code as the user running the utility. | 6.8 |
| 2019-08-29 | CVE-2019-11249 | Permissions, Privileges, and Access Controls vulnerability in Kubernetes The kubectl cp command allows copying files between containers and the user machine. | 5.8 |
| 2019-08-29 | CVE-2019-11247 | Permissions, Privileges, and Access Controls vulnerability in Kubernetes The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. | 6.5 |
| 2019-08-29 | CVE-2019-11246 | Permissions, Privileges, and Access Controls vulnerability in Kubernetes The kubectl cp command allows copying files between containers and the user machine. | 4.3 |
| 2019-08-29 | CVE-2019-11245 | Permissions, Privileges, and Access Controls vulnerability in Kubernetes 1.13.6/1.14.2 In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. | 4.6 |
| 2019-08-27 | CVE-2016-10935 | Permissions, Privileges, and Access Controls vulnerability in Visser Store Exporter for Woocommerce The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation. | 7.5 |