Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2021-12-30 CVE-2021-20161 Missing Authentication for Critical Function vulnerability in Trendnet Tew-827Dru Firmware 2.08B01
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality.
local
low complexity
trendnet CWE-306
7.2
7.2
2021-12-27 CVE-2021-45232 Missing Authentication for Critical Function vulnerability in Apache Apisix Dashboard
In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin`, all APIs and authentication middleware are developed based on framework `droplet`, but some API directly use the interface of framework `gin` thus bypassing the authentication.
network
low complexity
apache CWE-306
7.5
7.5
2021-12-17 CVE-2021-36779 Missing Authentication for Critical Function vulnerability in Linuxfoundation Longhorn
A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication.
low complexity
linuxfoundation CWE-306
critical
 9.6
9.6
2021-12-17 CVE-2021-36780 Missing Authentication for Critical Function vulnerability in Linuxfoundation Longhorn
A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have access to.
low complexity
linuxfoundation CWE-306
8.1
8.1
2021-12-15 CVE-2021-36888 Missing Authentication for Critical Function vulnerability in Blocksera Image Hover Effects
Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (versions <= 9.6.1) WordPress plugin.
network
low complexity
blocksera CWE-306
critical
 9.8
9.8
2021-12-13 CVE-2021-22279 Missing Authentication for Critical Function vulnerability in ABB Omnicore C30 Firmware
A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port.
network
abb CWE-306
critical
 9.3
9.3
2021-12-13 CVE-2021-44152 Missing Authentication for Critical Function vulnerability in Reprisesoftware Reprise License Manager
An issue was discovered in Reprise RLM 14.2.
network
low complexity
reprisesoftware CWE-306
critical
 9.8
9.8
2021-12-07 CVE-2021-34543 Missing Authentication for Critical Function vulnerability in BKW Solar-Log 500 Firmware
The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server.
network
low complexity
bkw CWE-306
5.0
5.0
2021-11-29 CVE-2021-38147 Missing Authentication for Critical Function vulnerability in Wipro Holmes 20.4.1
Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_Credential_Report_Excel, processexecution/DownloadExcelFile/User_Report_Excel, processexecution/DownloadExcelFile/Process_Report_Excel, processexecution/DownloadExcelFile/Infrastructure_Report_Excel, or processexecution/DownloadExcelFile/Resolver_Report_Excel.
network
low complexity
wipro CWE-306
5.0
5.0
2021-11-29 CVE-2021-38283 Missing Authentication for Critical Function vulnerability in Wipro Holmes 20.4.1
Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read application log files containing sensitive information via a predictable /log URI.
network
low complexity
wipro CWE-306
5.0
5.0