Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2019-07-19 CVE-2019-1010136 Missing Authentication for Critical Function vulnerability in Chinamobileltd Gpn2.4P21-C-Cn Firmware W2001En00
ChinaMobile GPN2.4P21-C-CN W2001EN-00 is affected by: Incorrect Access Control - Unauthenticated Remote Reboot.
network
low complexity
chinamobileltd CWE-306
7.5
7.5
2019-07-19 CVE-2019-13983 Missing Authentication for Critical Function vulnerability in Rangerstudio Directus 7 API
Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php.
network
low complexity
rangerstudio CWE-306
critical
 9.8
9.8
2019-07-11 CVE-2019-10915 Missing Authentication for Critical Function vulnerability in Siemens Sinetplan and TIA Administrator
A vulnerability has been identified in TIA Administrator (All versions < V1.0 SP1 Upd1).
local
low complexity
siemens CWE-306
7.8
7.8
2019-07-10 CVE-2019-12468 Missing Authentication for Critical Function vulnerability in multiple products
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1.
network
low complexity
mediawiki debian CWE-306
critical
 9.8
9.8
2019-07-10 CVE-2019-10121 Missing Authentication for Critical Function vulnerability in Eq-3 Ccu2 Firmware and Ccu3 Firmware
eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.15 use session IDs for authentication but lack authorization checks.
network
low complexity
eq-3 CWE-306
critical
 9.8
9.8
2019-07-10 CVE-2019-10119 Missing Authentication for Critical Function vulnerability in Eq-3 Ccu2 Firmware and Ccu3 Firmware
eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16 use session IDs for authentication but lack authorization checks.
network
low complexity
eq-3 CWE-306
critical
 9.8
9.8
2019-07-09 CVE-2019-13338 Missing Authentication for Critical Function vulnerability in Weseek Growi
In WESEEK GROWI before 3.5.0, a remote attacker can obtain the password hash of the creator of a page by leveraging wiki access to make API calls for page metadata.
network
low complexity
weseek CWE-306
7.5
7.5
2019-07-09 CVE-2019-11020 Missing Authentication for Critical Function vulnerability in Ddrt Dashcom Live Firmware 20190509
Lack of authentication in file-viewing components in DDRT Dashcom Live 2019-05-09 allows anyone to remotely access all claim details by visiting easily guessable dashboard/uploads/claim_files/claim_id_ URLs.
network
low complexity
ddrt CWE-306
7.5
7.5
2019-07-09 CVE-2019-11019 Missing Authentication for Critical Function vulnerability in Ddrt Dashcom Live Firmware 20190508
Lack of authentication in case-exporting components in DDRT Dashcom Live through 2019-05-08 allows anyone to remotely access all claim details by visiting easily guessable exportpdf/all_claim_detail.php?claim_id= URLs.
network
low complexity
ddrt CWE-306
7.5
7.5
2019-07-08 CVE-2019-12174 Missing Authentication for Critical Function vulnerability in Hide Hide.Me
hide.me before 2.4.4 on macOS suffers from a privilege escalation vulnerability in the connectWithExecutablePath:configFilePath:configFileName method of the me_hide_vpnhelper.Helper class in the me.hide.vpnhelper macOS privilege helper tool.
local
low complexity
hide CWE-306
7.8
7.8