Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2019-09-03 CVE-2019-15043 Missing Authentication for Critical Function vulnerability in Grafana
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use.
network
low complexity
grafana CWE-306
7.5
7.5
2019-09-03 CVE-2019-15858 Missing Authentication for Critical Function vulnerability in Webcraftic Woody AD Snippets
admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution. 		6.8
6.8
2019-08-30 CVE-2019-15819 Missing Authentication for Critical Function vulnerability in Restaurant Reservations Project Restaurant Reservations
The nd-restaurant-reservations plugin before 1.5 for WordPress has no requirement for nd_rst_import_settings_php_function authentication.
network
low complexity
restaurant-reservations-project CWE-306
7.5
7.5
2019-08-29 CVE-2019-13406 Missing Authentication for Critical Function vulnerability in Androvideo VD 1 Firmware
A broken access control vulnerability found in Advan VD-1 firmware versions up to 230.
network
low complexity
androvideo CWE-306
5.0
5.0
2019-08-29 CVE-2019-13405 Missing Authentication for Critical Function vulnerability in Androvideo VD 1 Firmware 230
A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service.
network
low complexity
androvideo CWE-306
critical
 10.0
10
2019-08-29 CVE-2019-11063 Missing Authentication for Critical Function vulnerability in Asus Smarthome
A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG100) via http://[target]/smarthome/devicecontrol without any authentication.
low complexity
asus CWE-306
8.3
8.3
2019-08-29 CVE-2019-11061 Missing Authentication for Critical Function vulnerability in Asus Hg100 Firmware 1.05.12/4.00.06
A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication.
low complexity
asus CWE-306
4.8
4.8
2019-08-28 CVE-2019-9935 Missing Authentication for Critical Function vulnerability in Lexmark products
Various Lexmark products have Incorrect Access Control (issue 2 of 2).
network
low complexity
lexmark CWE-306
5.0
5.0
2019-08-28 CVE-2019-9934 Missing Authentication for Critical Function vulnerability in Lexmark products
Various Lexmark products have Incorrect Access Control (issue 1 of 2).
network
low complexity
lexmark CWE-306
5.0
5.0
2019-08-22 CVE-2019-14511 Missing Authentication for Critical Function vulnerability in Sphinxsearch Sphinx 3.1.1
Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet (unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only).
network
low complexity
sphinxsearch CWE-306
7.5
7.5