Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2020-06-09 CVE-2020-5589 Missing Authentication for Critical Function vulnerability in Sony products
SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N and WI-SP600N with firmware versions prior to 4.5.2 have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing and operate such as changing volume of the product.
low complexity
sony CWE-306
8.8
8.8
2020-06-08 CVE-2020-10754 Missing Authentication for Critical Function vulnerability in multiple products
It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile.
network
low complexity
gnome fedoraproject CWE-306
4.3
4.3
2020-06-04 CVE-2020-13838 Missing Authentication for Critical Function vulnerability in Google Android 10.0/9.0
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software.
low complexity
google CWE-306
3.5
3.5
2020-06-04 CVE-2020-13837 Missing Authentication for Critical Function vulnerability in Google Android 10.0
An issue was discovered on Samsung mobile devices with Q(10.0) software.
low complexity
google CWE-306
3.5
3.5
2020-06-03 CVE-2020-3333 Missing Authentication for Critical Function vulnerability in Cisco products
A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device.
network
low complexity
cisco CWE-306
5.3
5.3
2020-06-03 CVE-2020-7115 Missing Authentication for Critical Function vulnerability in Arubanetworks Clearpass Policy Manager
The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass.
network
low complexity
arubanetworks CWE-306
critical
 9.8
9.8
2020-06-02 CVE-2020-12017 Missing Authentication for Critical Function vulnerability in GE Rt430 Firmware, Rt431 Firmware and Rt434 Firmware
GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05.
network
low complexity
ge CWE-306
critical
 9.8
9.8
2020-05-20 CVE-2020-1955 Missing Authentication for Critical Function vulnerability in Apache Couchdb 3.0.0
CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`.
network
low complexity
apache CWE-306
critical
 9.8
9.8
2020-05-15 CVE-2019-18666 Missing Authentication for Critical Function vulnerability in Dlink Dap-1360 Revision F Firmware 6.12B01
An issue was discovered on D-Link DAP-1360 revision F devices.
network
low complexity
dlink CWE-306
critical
 9.8
9.8
2020-05-14 CVE-2020-12877 Missing Authentication for Critical Function vulnerability in Veritas Aptare
Veritas APTARE versions prior to 10.4 allowed sensitive information to be accessible without authentication.
network
low complexity
veritas CWE-306
7.5
7.5