Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2022-01-04 CVE-2021-43832 Missing Authentication for Critical Function vulnerability in Linuxfoundation Spinnaker
Spinnaker is an open source, multi-cloud continuous delivery platform.
network
low complexity
linuxfoundation CWE-306
7.5
2021-12-30 CVE-2021-20152 Missing Authentication for Critical Function vulnerability in Trendnet Tew-827Dru Firmware 2.08B01
Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent functionality.
network
trendnet CWE-306
5.8
2021-12-27 CVE-2021-45232 Missing Authentication for Critical Function vulnerability in Apache Apisix Dashboard
In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin`, all APIs and authentication middleware are developed based on framework `droplet`, but some API directly use the interface of framework `gin` thus bypassing the authentication.
network
low complexity
apache CWE-306
7.5
2021-12-15 CVE-2021-1011 Missing Authentication for Critical Function vulnerability in Google Android 12.0
In setPackageStoppedState of PackageManagerService.java, there is a missing permission check.
local
low complexity
google CWE-306
2.1
2021-12-13 CVE-2021-22279 Missing Authentication for Critical Function vulnerability in ABB Omnicore C30 Firmware
A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port.
network
abb CWE-306
critical
9.3
2021-11-29 CVE-2021-38147 Missing Authentication for Critical Function vulnerability in Wipro Holmes 20.4.1
Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_Credential_Report_Excel, processexecution/DownloadExcelFile/User_Report_Excel, processexecution/DownloadExcelFile/Process_Report_Excel, processexecution/DownloadExcelFile/Infrastructure_Report_Excel, or processexecution/DownloadExcelFile/Resolver_Report_Excel.
network
low complexity
wipro CWE-306
5.0
2021-11-23 CVE-2021-42783 Missing Authentication for Critical Function vulnerability in Dlink Dwr-932C E1 Firmware
Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR-932C E1 firmware allows an unauthenticated attacker to execute administrative actions.
network
low complexity
dlink CWE-306
critical
10.0
2021-11-15 CVE-2021-41266 Missing Authentication for Critical Function vulnerability in MIN Minio Console
Minio console is a graphical user interface for the for MinIO operator.
network
min CWE-306
6.8
2021-10-22 CVE-2021-42539 Missing Authentication for Critical Function vulnerability in Emerson products
The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change.
network
low complexity
emerson CWE-306
6.5
2021-10-12 CVE-2021-27395 Missing Authentication for Critical Function vulnerability in Siemens products
A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier (All versions), SIMATIC Process Historian 2014 (All versions < SP3 Update 6), SIMATIC Process Historian 2019 (All versions), SIMATIC Process Historian 2020 (All versions).
network
low complexity
siemens CWE-306
5.5