Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2020-08-05 CVE-2020-15127 Missing Authentication for Critical Function vulnerability in Projectcontour Contour
In Contour ( Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane.
network
low complexity
projectcontour CWE-306
7.5
7.5
2020-07-31 CVE-2020-3461 Missing Authentication for Critical Function vulnerability in Cisco Data Center Network Manager
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to obtain confidential information from an affected device.
network
low complexity
cisco CWE-306
5.3
5.3
2020-07-31 CVE-2020-3376 Missing Authentication for Critical Function vulnerability in Cisco Data Center Network Manager
A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions on an affected device.
network
low complexity
cisco CWE-306
critical
 9.8
9.8
2020-07-29 CVE-2020-2076 Missing Authentication for Critical Function vulnerability in Sick Package Analytics 04.0.0
SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass by directly interfacing with the REST API.
network
low complexity
sick CWE-306
critical
 9.8
9.8
2020-07-23 CVE-2020-15391 Missing Authentication for Critical Function vulnerability in Devspace 4.13.0
The UI in DevSpace 4.13.0 allows web sites to execute actions on pods (on behalf of a victim) because of a lack of authentication for the WebSocket protocol.
network
low complexity
devspace CWE-306
critical
 9.8
9.8
2020-07-22 CVE-2020-15894 Missing Authentication for Critical Function vulnerability in Dlink Dir-816L Firmware 2.06/2.06.B09
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02.
network
low complexity
dlink CWE-306
7.5
7.5
2020-07-20 CVE-2020-12028 Missing Authentication for Critical Function vulnerability in Rockwellautomation Factorytalk View
In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions.
network
low complexity
rockwellautomation CWE-306
8.1
8.1
2020-07-17 CVE-2020-10605 Missing Authentication for Critical Function vulnerability in Grundfos CIM 500 Firmware
Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests for password storage files.
network
low complexity
grundfos CWE-306
7.5
7.5
2020-07-16 CVE-2020-13405 Missing Authentication for Critical Function vulnerability in Microweber
userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request.
network
low complexity
microweber CWE-306
7.5
7.5
2020-07-15 CVE-2020-14501 Missing Authentication for Critical Function vulnerability in Advantech Iview 5.6
Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue.
network
low complexity
advantech CWE-306
critical
 9.8
9.8