Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-30 | CVE-2021-21535 | Missing Authentication for Critical Function vulnerability in Dell Hybrid Client 1.0/1.1/1.1.01 Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. | 7.8 |
| 2021-04-29 | CVE-2020-21997 | Missing Authentication for Critical Function vulnerability in Smartwares Home Easy Firmware Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated database backup download and information disclosure vulnerability. | 7.5 |
| 2021-04-28 | CVE-2020-21996 | Missing Authentication for Critical Function vulnerability in AVE products AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot command execution. | 7.5 |
| 2021-04-27 | CVE-2020-17517 | Missing Authentication for Critical Function vulnerability in Apache Ozone 0.4.2/0.5.0/1.0.0 The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. | 7.5 |
| 2021-04-26 | CVE-2020-15078 | Missing Authentication for Critical Function vulnerability in multiple products OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. | 7.5 |
| 2021-04-26 | CVE-2021-20697 | Missing Authentication for Critical Function vulnerability in Dlink Dap-1880Ac Firmware 1.21 Missing authentication for critical function in DAP-1880AC firmware version 1.21 and earlier allows a remote attacker to login to the device as an authenticated user without the access privilege via unspecified vectors. | 9.8 |
| 2021-04-12 | CVE-2021-24219 | Missing Authentication for Critical Function vulnerability in Thrivethemes products The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin before 2.3.9.4, Thrive Apprentice WordPress plugin before 2.3.9.4, Thrive Visual Editor WordPress plugin before 2.6.7.4, Thrive Dashboard WordPress plugin before 2.3.9.3, Thrive Ovation WordPress plugin before 2.4.5, Thrive Clever Widgets WordPress plugin before 1.57.1 and Rise by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0, Thrive Themes Builder WordPress theme before 2.2.4 register a REST API endpoint associated with Zapier functionality. | 5.3 |
| 2021-04-08 | CVE-2021-30462 | Missing Authentication for Critical Function vulnerability in Vestacp Vesta Control Panel VestaCP through 0.9.8-24 allows the admin user to escalate privileges to root because the Sudo configuration does not require a password to run /usr/local/vesta/bin scripts. | 7.2 |
| 2021-04-02 | CVE-2021-28124 | Missing Authentication for Critical Function vulnerability in Cohesity Dataplatform 6.3/6.4/6.5.1 A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. | 5.9 |
| 2021-03-31 | CVE-2021-22997 | Missing Authentication for Critical Function vulnerability in F5 Big-Iq Centralized Management On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch service does not implement any form of authentication for the clustering transport services, and all data used by ElasticSearch for transport is unencrypted. | 7.5 |