Vulnerabilities > Missing Authentication for Critical Function
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-01-16 | CVE-2019-6447 | Missing Authentication for Critical Function vulnerability in Estrongs ES File Explorer File Manager The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. | 8.1 |
2019-01-11 | CVE-2018-15466 | Missing Authentication for Critical Function vulnerability in Cisco Policy Suite for Mobile 12.0.0 A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. | 4.3 |
2019-01-10 | CVE-2018-0181 | Missing Authentication for Critical Function vulnerability in Cisco products A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. | 7.5 |
2019-01-08 | CVE-2019-0246 | Missing Authentication for Critical Function vulnerability in SAP Cloud Connector SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities that require user identity. | 7.5 |
2019-01-03 | CVE-2018-18995 | Missing Authentication for Critical Function vulnerability in ABB Gate-E1 Firmware and Gate-E2 Firmware Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, reading or modifying registers, and changing configuration settings such as IP addresses. | 7.5 |
2019-01-03 | CVE-2018-18264 | Missing Authentication for Critical Function vulnerability in Kubernetes Dashboard Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster. | 7.5 |
2018-12-24 | CVE-2018-19248 | Missing Authentication for Critical Function vulnerability in Epson Workforce Wf-2861 Firmware 10.48Lq22I3/10.51.Lq20I6/10.52.Lq17Ia The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request to the /FIRMWAREUPDATE URI. | 6.4 |
2018-12-07 | CVE-2018-17924 | Missing Authentication for Critical Function vulnerability in Rockwellautomation products Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. | 7.8 |
2018-11-14 | CVE-2018-7357 | Missing Authentication for Critical Function vulnerability in ZTE Zxhn H168N Firmware ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access. | 3.3 |
2018-11-07 | CVE-2018-19079 | Missing Authentication for Critical Function vulnerability in multiple products An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. | 7.8 |