Vulnerabilities > Missing Authentication for Critical Function

DATE	CVE	VULNERABILITY TITLE	RISK
2019-08-16	CVE-2019-15106	Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Opmanager An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. network low complexity zohocorp CWE-306	7.5
2019-08-14	CVE-2019-9585	Missing Authentication for Critical Function vulnerability in Eq-3 Homematic Ccu2 Firmware and Homematic Ccu3 Firmware eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related operations, resulting in the ability to read, set and deletion of Metadata. network low complexity eq-3 CWE-306	7.5
2019-08-13	CVE-2019-14984	Missing Authentication for Critical Function vulnerability in Eq-3 Homematic Ccu2 Firmware and Homematic Ccu3 Firmware eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented addons/xmlapi/exec.cgi script uses CMD_EXEC to execute TCL code from a POST request. network eq-3 CWE-306	6.8
2019-08-08	CVE-2019-13101	Missing Authentication for Critical Function vulnerability in Dlink Dir-600M Firmware An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. network low complexity dlink CWE-306	7.5
2019-08-07	CVE-2019-1895	Missing Authentication for Critical Function vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure A vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to access the VNC console session of an administrative user on an affected device. network low complexity cisco CWE-306 critical	9.8
2019-07-30	CVE-2019-5451	Missing Authentication for Critical Function vulnerability in Nextcloud Server Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time. local low complexity nextcloud CWE-306	2.1
2019-07-29	CVE-2019-3948	Missing Authentication for Critical Function vulnerability in multiple products The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R and V2.623.0000000.1.R, Dahua NVR5XX-4KS2 V3.216.0000006.0.R, Dahua NVR4XXX-4KS2 V3.216.0000006.0.R, and NVR2XXX-4KS2 do not require authentication to access the HTTP endpoint /videotalk. network low complexity amcrest dahua CWE-306	5.0
2019-07-19	CVE-2019-1010136	Missing Authentication for Critical Function vulnerability in Chinamobileltd Gpn2.4P21-C-Cn Firmware W2001En00 ChinaMobile GPN2.4P21-C-CN W2001EN-00 is affected by: Incorrect Access Control - Unauthenticated Remote Reboot. network low complexity chinamobileltd CWE-306	7.8
2019-07-19	CVE-2019-13983	Missing Authentication for Critical Function vulnerability in Rangerstudio Directus 7 API Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php. network low complexity rangerstudio CWE-306	5.0
2019-07-10	CVE-2019-12468	Missing Authentication for Critical Function vulnerability in multiple products An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. network low complexity mediawiki debian CWE-306	7.5