Vulnerabilities > Missing Authentication for Critical Function

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-02	CVE-2019-12392	Missing Authentication for Critical Function vulnerability in Anviz Firmware Anviz access control devices allow remote attackers to issue commands without a password. network low complexity anviz CWE-306 critical	9.8
2019-12-02	CVE-2019-12390	Missing Authentication for Critical Function vulnerability in Anviz Firmware Anviz access control devices expose private Information (pin code and name) by allowing remote attackers to query this information without credentials via port tcp/5010. network low complexity anviz CWE-306	5.3
2019-12-02	CVE-2019-12389	Missing Authentication for Critical Function vulnerability in Anviz Firmware Anviz access control devices expose credentials (names and passwords) by allowing remote attackers to query this information without credentials via port tcp/5010. network low complexity anviz CWE-306	7.5
2019-11-27	CVE-2011-2187	Missing Authentication for Critical Function vulnerability in multiple products xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication. local low complexity xscreensaver-project debian CWE-306	7.8
2019-11-26	CVE-2019-16243	Missing Authentication for Critical Function vulnerability in Alcatelmobile Cingular Flip 2 Firmware B9Huah1 On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an undocumented web API that allows unprivileged JavaScript, including JavaScript running within the KaiOS browser, to view and edit the device's firmware over-the-air update settings. network low complexity alcatelmobile CWE-306	6.1
2019-11-21	CVE-2019-15511	Missing Authentication for Critical Function vulnerability in GOG Galaxy An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy. local low complexity gog CWE-306	7.8
2019-11-14	CVE-2019-18939	Missing Authentication for Critical Function vulnerability in multiple products eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi and exec1.cgi scripts, which execute TCL script content from an HTTP POST request. network low complexity eq-3 hm-print-project CWE-306 critical	9.8
2019-11-14	CVE-2019-18938	Missing Authentication for Critical Function vulnerability in multiple products eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution. network low complexity eq-3 hm-email-project CWE-306 critical	9.8
2019-11-14	CVE-2019-18937	Missing Authentication for Critical Function vulnerability in multiple products eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser AddOn through 1.8 installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi script, which executes TCL script content from an HTTP POST request. network low complexity eq-3 scriptparser-project CWE-306 critical	9.8
2019-11-12	CVE-2019-18925	Missing Authentication for Critical Function vulnerability in Systematic Iris Webforms 5.4 Systematic IRIS WebForms 5.4 and its functionalities can be accessed and used without any form of authentication. network low complexity systematic CWE-306 critical	9.8