Latest Permissions, Privileges, and Access Controls Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-07 | CVE-2019-2102 | Permissions, Privileges, and Access Controls vulnerability in Google Android. In the Bluetooth Low Energy (BLE) specification, there is a provided example Long Term Key (LTK). [low complexity, google, CWE-264] | 8.3 |
| 2019-06-03 | CVE-2019-10147 | Permissions, Privileges, and Access Controls vulnerability in Redhat RKT. rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. | 6.9 |
| 2019-06-03 | CVE-2019-10145 | Permissions, Privileges, and Access Controls vulnerability in Redhat RKT. rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. | 6.9 |
| 2019-06-03 | CVE-2019-10144 | Permissions, Privileges, and Access Controls vulnerability in Redhat RKT. rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. | 6.9 |
| 2019-06-03 | CVE-2018-5406 | Permissions, Privileges, and Access Controls vulnerability in Quest Kace Systems Management Appliance Firmware. The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. [network, quest, CWE-264, critical] | 9.3 |
| 2019-06-02 | CVE-2017-18376 | Permissions, Privileges, and Access Controls vulnerability in Thehive-Project Thehive. An improper authorization check in the User API in TheHive before 2.13.4 and 3.x before 3.3.1 allows users with read-only or read/write access to escalate their privileges to the administrator's privileges. [network, low complexity, thehive-project, CWE-264] | 6.5 |
| 2019-05-29 | CVE-2019-11891 | Permissions, Privileges, and Access Controls vulnerability in Bosch Smart Home Controller Firmware. A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in elevated privileges of the adversary's choosing. | 5.4 |
| 2019-05-28 | CVE-2019-7394 | Permissions, Privileges, and Access Controls vulnerability in CA Risk Authentication and Strong Authentication. A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges. [network, low complexity, ca, CWE-264] | 6.5 |
| 2019-05-24 | CVE-2019-10143 | Permissions, Privileges, and Access Controls vulnerability in multiple products. ** DISPUTED ** It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. | 6.9 |
| 2019-05-22 | CVE-2019-10132 | Permissions, Privileges, and Access Controls vulnerability in multiple products. A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. | 6.5 |