Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-01 | CVE-2019-9484 | Missing Authentication for Critical Function vulnerability in Carel Pcoweb Card Firmware The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000, as demonstrated by reading the modem password (which is 1234), or reconfiguring "party mode" or "vacation mode." | 7.5 |
| 2019-02-26 | CVE-2019-9201 | Missing Authentication for Critical Function vulnerability in Phoenixcontact products Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories. | 9.8 |
| 2019-02-25 | CVE-2019-9125 | Missing Authentication for Critical Function vulnerability in D-Link Dir-878 Firmware 1.12B01 An issue was discovered on D-Link DIR-878 1.12B01 devices. | 9.8 |
| 2019-02-24 | CVE-2019-9082 | Missing Authentication for Critical Function vulnerability in multiple products ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command. | 9.3 |
| 2019-02-21 | CVE-2019-8985 | Missing Authentication for Critical Function vulnerability in Netis-Systems Wf2411 Firmware and Wf2880 Firmware On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. | 9.0 |
| 2019-02-15 | CVE-2019-0261 | Missing Authentication for Critical Function vulnerability in SAP Landscape Management 3.0 Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. | 7.5 |
| 2019-02-13 | CVE-2019-6543 | Missing Authentication for Critical Function vulnerability in Aveva Indusoft web Studio and Intouch Machine Edition 2014 AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. | 9.8 |
| 2019-02-12 | CVE-2019-6533 | Missing Authentication for Critical Function vulnerability in Kunbus Pr100088 Modbus Gateway Firmware 1.0.10232/1.1.13166 Registers used to store Modbus values can be read and written from the web interface without authentication in the PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166). | 9.1 |
| 2019-02-05 | CVE-2019-7390 | Missing Authentication for Critical Function vulnerability in Dlink Dir-823G Firmware 1.02B03 An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. | 5.0 |
| 2019-02-05 | CVE-2019-7389 | Missing Authentication for Critical Function vulnerability in Dlink Dir-823G Firmware 1.02B03 An issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. | 7.8 |