Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-02 | CVE-2018-5516 | Incorrect Permission Assignment for Critical Resource vulnerability in F5 products On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. | 4.7 |
| 2018-05-02 | CVE-2018-10647 | Incorrect Permission Assignment for Critical Resource vulnerability in Safervpn 4.2.5 SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "SaferVPN.Service" service. | 7.8 |
| 2018-05-02 | CVE-2018-10646 | Incorrect Permission Assignment for Critical Resource vulnerability in Cyberghostvpn Cyberghost 6.5.0.3180 CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "CG6Service" service. | 7.8 |
| 2018-05-02 | CVE-2018-10645 | Incorrect Permission Assignment for Critical Resource vulnerability in Goldenfrog Vyprvpn 2.12.1.8015 Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "VyprVPN" service. | 7.8 |
| 2018-04-27 | CVE-2018-10520 | Incorrect Permission Assignment for Critical Resource vulnerability in Cmsmadesimple CMS Made Simple In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories. | 6.5 |
| 2018-04-27 | CVE-2018-10519 | Incorrect Permission Assignment for Critical Resource vulnerability in Cmsmadesimple CMS Made Simple 2.2.7 CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through HTTP requests. | 8.8 |
| 2018-04-27 | CVE-2018-10518 | Incorrect Permission Assignment for Critical Resource vulnerability in Cmsmadesimple CMS Made Simple In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories. | 6.5 |
| 2018-04-26 | CVE-2018-10381 | Incorrect Permission Assignment for Critical Resource vulnerability in Mcafee Tunnelbear 3.2.0.6 TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. | 9.8 |
| 2018-04-22 | CVE-2018-10285 | Incorrect Permission Assignment for Critical Resource vulnerability in Ericssonlg Ipecs NMS A.1Ac The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. | 9.8 |
| 2018-04-18 | CVE-2018-10204 | Incorrect Permission Assignment for Critical Resource vulnerability in Purevpn 6.0.1 PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "sevpnclient" service. | 8.8 |