Latest Permissions, Privileges, and Access Controls Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2019-08-22 CVE-2016-10929 Permissions, Privileges, and Access Controls vulnerability in Advanced Ajax Page Loader Project Advanced Ajax Page Loader
The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in.
5.0
2019-08-22 CVE-2017-18584 Permissions, Privileges, and Access Controls vulnerability in Post PAY Counter Project Post PAY Counter
The post-pay-counter plugin before 2.731 for WordPress has no permissions check for an update-settinga action.
5.0
2019-08-22 CVE-2016-10923 Permissions, Privileges, and Access Controls vulnerability in Visser Store Toolkit for Woocommerce
The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation.
network
low complexity
visser CWE-264
7.5
2019-08-22 CVE-2016-10922 Permissions, Privileges, and Access Controls vulnerability in Visser Store Toolkit for Woocommerce
The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation.
network
low complexity
visser CWE-264
7.5
2019-08-21 CVE-2019-14257 Permissions, Privileges, and Access Controls vulnerability in Zenoss 2.5.3
pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765.
local
low complexity
zenoss CWE-264
7.2
2019-08-21 CVE-2019-12634 Permissions, Privileges, and Access Controls vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-264
5.0
2019-08-20 CVE-2019-2122 Permissions, Privileges, and Access Controls vulnerability in Google Android
In LockTaskController.lockKeyguardIfNeeded of the LockTaskController.java, there was a difference in the handling of the default case between the WindowManager and the Settings.
6.9
2019-08-14 CVE-2016-10886 Permissions, Privileges, and Access Controls vulnerability in WP Editor Project WP Editor
The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions.
network
low complexity
wp-editor-project CWE-264
7.5
2019-08-13 CVE-2019-12808 Permissions, Privileges, and Access Controls vulnerability in Estsoft Altools 18.1
ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability due to insecure permission.
local
low complexity
estsoft CWE-264
7.2
2019-08-02 CVE-2017-18455 Permissions, Privileges, and Access Controls vulnerability in Cpanel
In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208).
network
low complexity
cpanel CWE-264
4.0