Vulnerabilities > Missing Authentication for Critical Function
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-15 | CVE-2020-35466 | Missing Authentication for Critical Function vulnerability in Blackfire Docker Image 20201214 The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. | 9.8 |
2020-12-15 | CVE-2020-35465 | Missing Authentication for Critical Function vulnerability in Fullarmor Hapi File Share Mount The FullArmor HAPI File Share Mount Docker image through 2020-12-14 contains a blank password for the root user. | 10.0 |
2020-12-15 | CVE-2020-35464 | Missing Authentication for Critical Function vulnerability in Weave Cloud Agent 1.3.0 Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. | 10.0 |
2020-12-15 | CVE-2020-35463 | Missing Authentication for Critical Function vulnerability in Instana Dynamic APM 1.0.0 Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user. | 10.0 |
2020-12-15 | CVE-2020-35462 | Missing Authentication for Critical Function vulnerability in Coscale Agent Project Coscale Agent 3.16.0 Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user. | 10.0 |
2020-12-14 | CVE-2020-25228 | Missing Authentication for Critical Function vulnerability in Siemens Logo! 8 BM Firmware A vulnerability has been identified in LOGO! 8 BM (incl. | 10.0 |
2020-12-14 | CVE-2020-16102 | Missing Authentication for Critical Function vulnerability in Gallagher Command Centre Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. | 6.4 |
2020-12-11 | CVE-2020-7540 | Missing Authentication for Critical Function vulnerability in Schneider-Electric products A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests. | 9.8 |
2020-12-02 | CVE-2020-29389 | Missing Authentication for Critical Function vulnerability in Docker Crux Linux Docker Image The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. | 10.0 |
2020-11-27 | CVE-2020-29138 | Missing Authentication for Critical Function vulnerability in Sagemcom F@St 3486 Router Firmware 4.109.0 Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0, software NET_4.109.0, allows remote unauthenticated users to download the router configuration file via the /backupsettings.conf URI, when any valid session is running. | 5.3 |