Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE	CVE	VULNERABILITY TITLE	RISK
2018-05-02	CVE-2018-10647	Incorrect Permission Assignment for Critical Resource vulnerability in Safervpn 4.2.5 SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "SaferVPN.Service" service. local low complexity safervpn CWE-732	7.8
2018-05-02	CVE-2018-10646	Incorrect Permission Assignment for Critical Resource vulnerability in Cyberghostvpn Cyberghost 6.5.0.3180 CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "CG6Service" service. local low complexity cyberghostvpn CWE-732	7.8
2018-05-02	CVE-2018-10645	Incorrect Permission Assignment for Critical Resource vulnerability in Goldenfrog Vyprvpn 2.12.1.8015 Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "VyprVPN" service. local low complexity goldenfrog CWE-732	7.8
2018-04-27	CVE-2018-10520	Incorrect Permission Assignment for Critical Resource vulnerability in Cmsmadesimple CMS Made Simple In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories. network low complexity cmsmadesimple CWE-732	6.5
2018-04-27	CVE-2018-10519	Incorrect Permission Assignment for Critical Resource vulnerability in Cmsmadesimple CMS Made Simple 2.2.7 CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through HTTP requests. network low complexity cmsmadesimple CWE-732	8.8
2018-04-27	CVE-2018-10518	Incorrect Permission Assignment for Critical Resource vulnerability in Cmsmadesimple CMS Made Simple In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories. network low complexity cmsmadesimple CWE-732	6.5
2018-04-26	CVE-2018-10381	Incorrect Permission Assignment for Critical Resource vulnerability in Mcafee Tunnelbear 3.2.0.6 TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. network low complexity mcafee CWE-732 critical	9.8
2018-04-22	CVE-2018-10285	Incorrect Permission Assignment for Critical Resource vulnerability in Ericssonlg Ipecs NMS A.1Ac The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. network low complexity ericssonlg CWE-732 critical	9.8
2018-04-18	CVE-2018-10204	Incorrect Permission Assignment for Critical Resource vulnerability in Purevpn 6.0.1 PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "sevpnclient" service. network low complexity purevpn CWE-732	8.8
2018-04-18	CVE-2018-1000165	Incorrect Permission Assignment for Critical Resource vulnerability in Lightsaml LightSAML version prior to 1.3.5 contains a Incorrect Access Control vulnerability in signature validation in readers in src/LightSaml/Model/XmlDSig/ that can result in impersonation of any user from Identity Provider. network low complexity lightsaml CWE-732	7.5