Vulnerabilities > Permissions, Privileges, and Access Controls

DATE CVE VULNERABILITY TITLE RISK
2022-09-12 CVE-2022-38135 Permissions, Privileges, and Access Controls vulnerability in Photospace Gallery Project Photospace Gallery 2.3.5
Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings.
network
low complexity
photospace-gallery-project CWE-264
4.3
2022-08-23 CVE-2022-34868 Permissions, Privileges, and Access Controls vulnerability in Yookassa Yukassa for Woocommerce
Authenticated Arbitrary Settings Update vulnerability in YooMoney ?Kassa ??? WooCommerce plugin <= 2.3.0 at WordPress.
network
low complexity
yookassa CWE-264
6.5
2022-08-23 CVE-2022-35242 Permissions, Privileges, and Access Controls vulnerability in 59Sec the Leads Management System: 59Sec Lite 3.4.1
Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress.
network
low complexity
59sec CWE-264
5.3
2019-09-04 CVE-2019-10709 Permissions, Privileges, and Access Controls vulnerability in Asus Precision Touchpad 11.0.0.25
AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call.
network
low complexity
asus CWE-264
7.5
2019-08-30 CVE-2019-2390 Permissions, Privileges, and Access Controls vulnerability in Mongodb
An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server versions less than 4.0.11, 3.6.14, and 3.4.22 to run attacker defined code as the user running the utility.
6.8
2019-08-29 CVE-2019-11249 Permissions, Privileges, and Access Controls vulnerability in Kubernetes
The kubectl cp command allows copying files between containers and the user machine.
5.8
2019-08-29 CVE-2019-11247 Permissions, Privileges, and Access Controls vulnerability in Kubernetes
The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced.
network
low complexity
kubernetes CWE-264
6.5
2019-08-29 CVE-2019-11246 Permissions, Privileges, and Access Controls vulnerability in Kubernetes
The kubectl cp command allows copying files between containers and the user machine.
4.3
2019-08-29 CVE-2019-11245 Permissions, Privileges, and Access Controls vulnerability in Kubernetes 1.13.6/1.14.2
In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node.
local
low complexity
kubernetes CWE-264
4.6
2019-08-27 CVE-2016-10935 Permissions, Privileges, and Access Controls vulnerability in Visser Store Exporter for Woocommerce
The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation.
network
low complexity
visser CWE-264
7.5