Vulnerabilities > Permissions, Privileges, and Access Controls

DATE CVE VULNERABILITY TITLE RISK
2024-11-17 CVE-2020-25720 A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation.
network
high complexity
CWE-264
7.5
2019-09-04 CVE-2019-10709 Permissions, Privileges, and Access Controls vulnerability in Asus Precision Touchpad 11.0.0.25
AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call.
network
low complexity
asus CWE-264
critical
9.8
2019-08-29 CVE-2019-11245 Permissions, Privileges, and Access Controls vulnerability in Kubernetes 1.13.6/1.14.2
In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node.
local
low complexity
kubernetes CWE-264
7.8
2019-08-27 CVE-2016-10935 Permissions, Privileges, and Access Controls vulnerability in Visser Store Exporter for Woocommerce
The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation.
network
low complexity
visser CWE-264
critical
9.8
2019-08-22 CVE-2016-10929 Permissions, Privileges, and Access Controls vulnerability in Advanced Ajax Page Loader Project Advanced Ajax Page Loader
The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in.
5.3
2019-08-22 CVE-2017-18584 Permissions, Privileges, and Access Controls vulnerability in Post PAY Counter Project Post PAY Counter
The post-pay-counter plugin before 2.731 for WordPress has no permissions check for an update-settinga action.
network
low complexity
post-pay-counter-project CWE-264
7.5
2019-08-22 CVE-2016-10923 Permissions, Privileges, and Access Controls vulnerability in Visser Store Toolkit for Woocommerce
The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation.
network
low complexity
visser CWE-264
critical
9.8
2019-08-22 CVE-2016-10922 Permissions, Privileges, and Access Controls vulnerability in Visser Store Toolkit for Woocommerce
The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation.
network
low complexity
visser CWE-264
critical
9.8
2019-08-21 CVE-2019-14257 Permissions, Privileges, and Access Controls vulnerability in Zenoss 2.5.3
pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765.
local
low complexity
zenoss CWE-264
7.8
2019-08-20 CVE-2019-2122 Permissions, Privileges, and Access Controls vulnerability in Google Android
In LockTaskController.lockKeyguardIfNeeded of the LockTaskController.java, there was a difference in the handling of the default case between the WindowManager and the Settings.
local
low complexity
google CWE-264
7.3