Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-13 | CVE-2017-14417 | Missing Authentication for Critical Function vulnerability in Dlink Dir-850L Firmware register_send.php on D-Link DIR-850L REV. | 9.8 |
| 2017-09-09 | CVE-2017-12733 | Missing Authentication for Critical Function vulnerability in Opwglobal products A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. | 9.8 |
| 2017-08-18 | CVE-2017-12440 | Missing Authentication for Critical Function vulnerability in Openstack 07132017 Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obtain a Keystone token and perform unspecified authenticated actions by adding an alarm action with the scheme trust+http, and providing a trust id where Aodh is the trustee. | 7.5 |
| 2017-07-28 | CVE-2017-4919 | Missing Authentication for Critical Function vulnerability in VMWare Vcenter Server 5.5/6.0/6.5 VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate. | 9.0 |
| 2017-07-12 | CVE-2017-4055 | Missing Authentication for Critical Function vulnerability in Mcafee Advanced Threat Defense Exploitation of Authentication vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to bypass ATD detection via loose enforcement of authentication and authorization. | 7.5 |
| 2017-07-12 | CVE-2017-4052 | Missing Authentication for Critical Function vulnerability in Mcafee Advanced Threat Defense Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter. | 9.8 |
| 2017-07-04 | CVE-2017-10804 | Missing Authentication for Critical Function vulnerability in Odoo 10.0/8.0/9.0 In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database layer. | 9.8 |
| 2017-06-30 | CVE-2017-6044 | Missing Authentication for Critical Function vulnerability in Sierra Wireless products An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. | 9.8 |
| 2017-06-20 | CVE-2017-3216 | Missing Authentication for Critical Function vulnerability in multiple products WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request. | 9.8 |
| 2017-06-13 | CVE-2015-9030 | Missing Authentication for Critical Function vulnerability in Google Android In all Android releases from CAF using the Linux kernel, the Hypervisor API could be misused to bypass authentication. | 7.8 |