Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2020-12-10 CVE-2020-29311 Missing Authentication for Critical Function vulnerability in Ubilling 1.0.9
Ubilling v1.0.9 allows Remote Command Execution as the root user via a malicious command that is injected into the config file and then triggered by another part of the software.
network
low complexity
ubilling CWE-306
critical
9.8
2020-12-09 CVE-2020-26829 Missing Authentication for Critical Function vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver AS JAVA (P2P Cluster Communication), versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes that are outside the cluster, and even outside the network segment dedicated to internal cluster communication, because of a missing authentication check.
network
low complexity
sap CWE-306
critical
10.0
2020-12-08 CVE-2020-27902 Missing Authentication for Critical Function vulnerability in Apple iPhone OS
An authentication issue was addressed with improved state management.
low complexity
apple CWE-306
4.6
2020-12-08 CVE-2020-28946 Missing Authentication for Critical Function vulnerability in Plummac Ik-401 Firmware
An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker (with network access to the device) to obtain the configuration file, including hashed credential data.
network
low complexity
plummac CWE-306
7.5
2020-12-02 CVE-2020-29389 Missing Authentication for Critical Function vulnerability in Docker Crux Linux Docker Image
The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user.
network
low complexity
docker CWE-306
critical
9.8
2020-11-29 CVE-2020-29379 Missing Authentication for Critical Function vulnerability in Vsolcn V1600D-Mini Firmware and V1600D4L Firmware
An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices.
local
low complexity
vsolcn CWE-306
5.5
2020-11-27 CVE-2020-29138 Missing Authentication for Critical Function vulnerability in Sagemcom F@St 3486 Router Firmware 4.109.0
Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0, software NET_4.109.0, allows remote unauthenticated users to download the router configuration file via the /backupsettings.conf URI, when any valid session is running.
network
low complexity
sagemcom CWE-306
5.3
2020-11-24 CVE-2020-29058 Missing Authentication for Critical Function vulnerability in Cdatatec products
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices.
network
low complexity
cdatatec CWE-306
critical
9.8
2020-11-23 CVE-2020-27985 Missing Authentication for Critical Function vulnerability in Securityonionsolutions Security Onion
Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home/<user>/SecurityOnion/setup/so-setup.
local
low complexity
securityonionsolutions CWE-306
7.8
2020-11-18 CVE-2020-3531 Missing Authentication for Critical Function vulnerability in Cisco IoT Field Network Director
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system.
network
low complexity
cisco CWE-306
critical
9.8