Vulnerabilities > Permissions, Privileges, and Access Controls
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-02 | CVE-2023-47142 | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Application Dependency Discovery Manager IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. | 8.8 |
| 2024-01-19 | CVE-2023-40683 | Permissions, Privileges, and Access Controls vulnerability in IBM Openpages With Watson 9.0 IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. | 8.8 |
| 2023-07-10 | CVE-2023-3599 | Permissions, Privileges, and Access Controls vulnerability in Best FEE Management System Project Best FEE Management System 1.0 A vulnerability was found in SourceCodester Best Fee Management System 1.0. | 9.8 |
| 2022-08-22 | CVE-2022-34149 | Permissions, Privileges, and Access Controls vulnerability in Miniorange WP Oauth Server Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress. | 9.8 |
| 2019-09-04 | CVE-2019-10709 | Permissions, Privileges, and Access Controls vulnerability in Asus Precision Touchpad 11.0.0.25 AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call. | 7.5 |
| 2019-08-29 | CVE-2019-11249 | Permissions, Privileges, and Access Controls vulnerability in Kubernetes The kubectl cp command allows copying files between containers and the user machine. | 5.8 |
| 2019-08-29 | CVE-2019-11247 | Permissions, Privileges, and Access Controls vulnerability in Kubernetes The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. | 6.5 |
| 2019-08-29 | CVE-2019-11245 | Permissions, Privileges, and Access Controls vulnerability in Kubernetes 1.13.6/1.14.2 In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. | 4.6 |
| 2019-08-27 | CVE-2016-10935 | Permissions, Privileges, and Access Controls vulnerability in Visser Store Exporter for Woocommerce The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation. | 7.5 |
| 2019-08-23 | CVE-2019-13423 | Permissions, Privileges, and Access Controls vulnerability in Search-Guard Search Guard Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a) Kibana is configured to use Single-Sign-On as authentication method, one of Kerberos, JWT, Proxy, Client certificate. | 6.5 |