Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2018-07-18 CVE-2018-0377 Missing Authentication for Critical Function vulnerability in Cisco Mobility Services Engine and Policy Suite
A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface.
network
low complexity
cisco CWE-306
critical
 9.8
9.8
2018-07-18 CVE-2018-0376 Missing Authentication for Critical Function vulnerability in Cisco Mobility Services Engine and Policy Suite
A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface.
network
low complexity
cisco CWE-306
critical
 9.8
9.8
2018-07-18 CVE-2018-0374 Missing Authentication for Critical Function vulnerability in Cisco Mobility Services Engine 14.0.0
A vulnerability in the Policy Builder database of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database.
network
low complexity
cisco CWE-306
critical
 9.8
9.8
2018-07-13 CVE-2016-9496 Missing Authentication for Critical Function vulnerability in Hughes products
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication.
low complexity
hughes CWE-306
6.5
6.5
2018-07-11 CVE-2018-10635 Missing Authentication for Critical Function vulnerability in Universal-Robots Cb3.1 Firmware 3.4.5100
In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP listen for arbitrary URScript code and execute the code.
network
low complexity
universal-robots CWE-306
critical
 9.8
9.8
2018-07-03 CVE-2017-0919 Missing Authentication for Critical Function vulnerability in Gitlab
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized.
network
low complexity
gitlab CWE-306
7.5
7.5
2018-07-03 CVE-2018-7778 Missing Authentication for Critical Function vulnerability in Schneider-Electric Evlink Charging Station Firmware
In Schneider Electric Evlink Charging Station versions prior to v3.2.0-12_v1, the Web Interface has an issue that may allow a remote attacker to gain administrative privileges without properly authenticating remote users.
network
low complexity
schneider-electric CWE-306
critical
 9.8
9.8
2018-06-28 CVE-2018-8016 Missing Authentication for Critical Function vulnerability in Apache Cassandra
The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.
network
low complexity
apache CWE-306
critical
 9.8
9.8
2018-05-30 CVE-2018-11476 Missing Authentication for Critical Function vulnerability in Vgate Icar 2 Wi-Fi Obd2 Firmware
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices.
low complexity
vgate CWE-306
8.8
8.8
2018-04-25 CVE-2018-5486 Missing Authentication for Critical Function vulnerability in Netapp Oncommand Unified Manager 7.2/7.3
NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ship with the Java Debug Wire Protocol (JDWP) enabled which allows unauthorized local attackers to execute arbitrary code.
local
low complexity
netapp CWE-306
7.8
7.8