Vulnerabilities > Missing Authentication for Critical Function
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-14 | CVE-2019-18938 | Missing Authentication for Critical Function vulnerability in multiple products: eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution. | 9.8 |
2019-11-14 | CVE-2019-18937 | Missing Authentication for Critical Function vulnerability in multiple products: eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser AddOn through 1.8 installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi script, which executes TCL script content from an HTTP POST request. | 9.8 |
2019-11-12 | CVE-2019-18925 | Missing Authentication for Critical Function vulnerability in Systematic Iris Webforms 5.4: Systematic IRIS WebForms 5.4 and its functionalities can be accessed and used without any form of authentication. | 9.8 |
2019-11-12 | CVE-2019-17235 | Missing Authentication for Critical Function vulnerability in Getigniteup Igniteup: includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows information disclosure. | 5.3 |
2019-11-12 | CVE-2019-17234 | Missing Authentication for Critical Function vulnerability in Getigniteup Igniteup: includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows unauthenticated arbitrary file deletion. | 7.5 |
2019-11-06 | CVE-2019-5644 | Missing Authentication for Critical Function vulnerability in Gatech Computing for Good's Basic Laboratory Information System 3.3/3.4/3.5: Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may alter several facets of a user account, including promoting any user to an administrator. | 9.8 |
2019-11-06 | CVE-2019-5643 | Missing Authentication for Critical Function vulnerability in Gatech Computing for Good's Basic Laboratory Information System 3.3/3.4/3.5: Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may enumerate the user names and facility names in use on a particular installation. | 5.3 |
2019-11-06 | CVE-2019-5617 | Missing Authentication for Critical Function vulnerability in Gatech Computing for Good's Basic Laboratory Information System 3.3/3.4: Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.4 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may change the password of any administrator-level user. | 9.8 |
2019-11-06 | CVE-2006-0062 | Missing Authentication for Critical Function vulnerability in Sillycycle Xlockmore 5.13: xlockmore 5.13 allows potential xlock bypass when FVWM switches to the same virtual desktop as a new Gaim window. | 9.8 |
2019-11-06 | CVE-2006-0061 | Missing Authentication for Critical Function vulnerability in Sillycycle Xlockmore 5.13/5.22: xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns the underlying xsession. | 9.8 |