Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-10 | CVE-2018-1115 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. | 9.1 |
| 2018-05-02 | CVE-2017-4952 | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Xenon VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. | 7.5 |
| 2018-05-02 | CVE-2018-5516 | Incorrect Permission Assignment for Critical Resource vulnerability in F5 products On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. | 4.7 |
| 2018-05-02 | CVE-2018-10647 | Incorrect Permission Assignment for Critical Resource vulnerability in Safervpn 4.2.5 SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "SaferVPN.Service" service. | 7.8 |
| 2018-05-02 | CVE-2018-10646 | Incorrect Permission Assignment for Critical Resource vulnerability in Cyberghostvpn Cyberghost 6.5.0.3180 CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "CG6Service" service. | 7.8 |
| 2018-05-02 | CVE-2018-10645 | Incorrect Permission Assignment for Critical Resource vulnerability in Goldenfrog Vyprvpn 2.12.1.8015 Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "VyprVPN" service. | 7.8 |
| 2018-04-27 | CVE-2018-10520 | Incorrect Permission Assignment for Critical Resource vulnerability in Cmsmadesimple CMS Made Simple In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories. | 6.5 |
| 2018-04-27 | CVE-2018-10519 | Incorrect Permission Assignment for Critical Resource vulnerability in Cmsmadesimple CMS Made Simple 2.2.7 CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through HTTP requests. | 8.8 |
| 2018-04-27 | CVE-2018-10518 | Incorrect Permission Assignment for Critical Resource vulnerability in Cmsmadesimple CMS Made Simple In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories. | 6.5 |
| 2018-04-26 | CVE-2018-10381 | Incorrect Permission Assignment for Critical Resource vulnerability in Mcafee Tunnelbear 3.2.0.6 TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. | 9.8 |