Vulnerabilities > Permissions, Privileges, and Access Controls

DATE CVE VULNERABILITY TITLE RISK
2019-09-04 CVE-2019-10709 Permissions, Privileges, and Access Controls vulnerability in Asus Precision Touchpad 11.0.0.25
AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call.
network
low complexity
asus CWE-264
7.5
2019-08-30 CVE-2019-2390 Permissions, Privileges, and Access Controls vulnerability in Mongodb
An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server versions less than 4.0.11, 3.6.14, and 3.4.22 to run attacker defined code as the user running the utility.
6.8
2019-08-29 CVE-2019-11249 Permissions, Privileges, and Access Controls vulnerability in Kubernetes
The kubectl cp command allows copying files between containers and the user machine.
5.8
2019-08-29 CVE-2019-11247 Permissions, Privileges, and Access Controls vulnerability in Kubernetes
The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced.
network
low complexity
kubernetes CWE-264
6.5
2019-08-29 CVE-2019-11246 Permissions, Privileges, and Access Controls vulnerability in Kubernetes
The kubectl cp command allows copying files between containers and the user machine.
4.3
2019-08-29 CVE-2019-11245 Permissions, Privileges, and Access Controls vulnerability in Kubernetes 1.13.6/1.14.2
In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node.
local
low complexity
kubernetes CWE-264
4.6
2019-08-27 CVE-2016-10935 Permissions, Privileges, and Access Controls vulnerability in Visser Store Exporter for Woocommerce
The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation.
network
low complexity
visser CWE-264
7.5
2019-08-23 CVE-2019-13014 Permissions, Privileges, and Access Controls vulnerability in Obdev Little Snitch 4.4.0
Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool.
local
low complexity
obdev CWE-264
4.9
2019-08-23 CVE-2019-13013 Permissions, Privileges, and Access Controls vulnerability in Obdev Little Snitch 4.3.0/4.3.1/4.3.2
Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool.
local
low complexity
obdev apple CWE-264
4.9
2019-08-23 CVE-2019-13423 Permissions, Privileges, and Access Controls vulnerability in Search-Guard Search Guard
Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a) Kibana is configured to use Single-Sign-On as authentication method, one of Kerberos, JWT, Proxy, Client certificate.
network
low complexity
search-guard CWE-264
6.5