Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-15 | CVE-2020-35467 | Missing Authentication for Critical Function vulnerability in Docker Docs 20201214 The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. | 9.8 |
| 2020-12-15 | CVE-2020-35466 | Missing Authentication for Critical Function vulnerability in Blackfire Docker Image 20201214 The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. | 9.8 |
| 2020-12-15 | CVE-2020-35464 | Missing Authentication for Critical Function vulnerability in Weave Cloud Agent 1.3.0 Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. | 9.8 |
| 2020-12-15 | CVE-2020-35463 | Missing Authentication for Critical Function vulnerability in Instana Dynamic APM 1.0.0 Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user. | 9.8 |
| 2020-12-15 | CVE-2020-35462 | Missing Authentication for Critical Function vulnerability in Coscale Agent Project Coscale Agent 3.16.0 Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user. | 9.8 |
| 2020-12-14 | CVE-2020-16102 | Missing Authentication for Critical Function vulnerability in Gallagher Command Centre Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. | 8.2 |
| 2020-12-10 | CVE-2020-29311 | Missing Authentication for Critical Function vulnerability in Ubilling 1.0.9 Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that is injected inside the config file and being triggered by another part of the software. | 9.8 |
| 2020-12-09 | CVE-2020-26829 | Missing Authentication for Critical Function vulnerability in SAP Netweaver Application Server Java SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedicated for the internal cluster communication. | 10.0 |
| 2020-12-08 | CVE-2020-27902 | Missing Authentication for Critical Function vulnerability in Apple Iphone OS An authentication issue was addressed with improved state management. | 4.6 |
| 2020-12-08 | CVE-2020-28946 | Missing Authentication for Critical Function vulnerability in Plummac Ik-401 Firmware An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker (with network access to the device) to obtain the configuration file, including hashed credential data. | 7.5 |