Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2020-08-31 CVE-2020-25048 Missing Authentication for Critical Function vulnerability in Google Android 10.0
An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software.
low complexity
google CWE-306
4.6
2020-08-31 CVE-2020-24363 Missing Authentication for Critical Function vulnerability in Tp-Link Tl-Wa855Re Firmware 20200415
TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot.
low complexity
tp-link CWE-306
8.8
2020-08-31 CVE-2020-20627 Missing Authentication for Critical Function vulnerability in Givewp
The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change.
network
low complexity
givewp CWE-306
5.3
2020-08-26 CVE-2018-1501 Missing Authentication for Critical Function vulnerability in IBM Security Guardium 10.5/10.6/11.0
IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized user to obtain sensitive information due to missing security controls.
network
low complexity
ibm CWE-306
7.5
2020-08-26 CVE-2020-15483 Missing Authentication for Critical Function vulnerability in Niscomed M1000 Multipara Patient Monitor Firmware
An issue was discovered on Nescomed Multipara Monitor M1000 devices.
low complexity
niscomed CWE-306
6.8
2020-08-21 CVE-2020-24051 Missing Authentication for Critical Function vulnerability in Moog Exvf5C-2 Firmware and Exvp7C2-3 Firmware
The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations.
network
low complexity
moog CWE-306
critical
9.8
2020-08-17 CVE-2020-3448 Missing Authentication for Critical Function vulnerability in Cisco Cyber Vision Center
A vulnerability in an access control mechanism of Cisco Cyber Vision Center Software could allow an unauthenticated, remote attacker to bypass authentication and access internal services that are running on an affected device.
network
low complexity
cisco CWE-306
5.8
2020-08-14 CVE-2020-17475 Missing Authentication for Critical Function vulnerability in Megvii Koala Firmware 2.9.1C3S
Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000.
network
low complexity
megvii CWE-306
7.5
2020-08-14 CVE-2019-5591 Missing Authentication for Critical Function vulnerability in Fortinet Fortios
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.
low complexity
fortinet CWE-306
6.5
2020-08-12 CVE-2020-12106 Missing Authentication for Critical Function vulnerability in Stengg Vpncrypt M10 Firmware 2.6.5
The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthenticated users to send HTTP POST request to several critical Administrative functions such as, changing credentials of the Administrator account or connect the product to a rogue access point.
network
low complexity
stengg CWE-306
critical
9.8