Vulnerabilities > Missing Authentication for Critical Function
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-03 | CVE-2019-15043 | Missing Authentication for Critical Function vulnerability in Grafana In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. | 7.5 |
2019-09-03 | CVE-2019-15858 | Missing Authentication for Critical Function vulnerability in Webcraftic Woody AD Snippets admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution. | 6.8 |
2019-08-30 | CVE-2019-15819 | Missing Authentication for Critical Function vulnerability in Restaurant Reservations Project Restaurant Reservations The nd-restaurant-reservations plugin before 1.5 for WordPress has no requirement for nd_rst_import_settings_php_function authentication. | 7.5 |
2019-08-29 | CVE-2019-13406 | Missing Authentication for Critical Function vulnerability in Androvideo VD 1 Firmware A broken access control vulnerability found in Advan VD-1 firmware versions up to 230. | 5.0 |
2019-08-29 | CVE-2019-13405 | Missing Authentication for Critical Function vulnerability in Androvideo VD 1 Firmware 230 A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. | 10.0 |
2019-08-29 | CVE-2019-11063 | Missing Authentication for Critical Function vulnerability in Asus Smarthome A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG100) via http://[target]/smarthome/devicecontrol without any authentication. | 8.3 |
2019-08-29 | CVE-2019-11061 | Missing Authentication for Critical Function vulnerability in Asus Hg100 Firmware 1.05.12/4.00.06 A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. | 4.8 |
2019-08-28 | CVE-2019-9935 | Missing Authentication for Critical Function vulnerability in Lexmark products Various Lexmark products have Incorrect Access Control (issue 2 of 2). | 5.0 |
2019-08-28 | CVE-2019-9934 | Missing Authentication for Critical Function vulnerability in Lexmark products Various Lexmark products have Incorrect Access Control (issue 1 of 2). | 5.0 |
2019-08-22 | CVE-2019-14511 | Missing Authentication for Critical Function vulnerability in Sphinxsearch Sphinx 3.1.1 Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet (unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only). | 7.5 |