Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2019-04-01 CVE-2019-5514 Missing Authentication for Critical Function vulnerability in VMWare Fusion 11.0.0/11.0.1/11.0.2
VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket.
network
low complexity
vmware CWE-306
8.8
8.8
2019-03-28 CVE-2019-6542 Missing Authentication for Critical Function vulnerability in Enttec products
ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to (70044,70050,70060)_update_05032019-482 allows an unauthenticated user to initiate a remote reboot, which may be used to cause a denial of service condition.
network
low complexity
enttec CWE-306
7.5
7.5
2019-03-25 CVE-2019-7642 Missing Authentication for Critical Function vulnerability in Dlink products
D-Link routers with the mydlink feature have some web interfaces without authentication requirements.
network
low complexity
dlink CWE-306
7.5
7.5
2019-03-25 CVE-2019-10042 Missing Authentication for Critical Function vulnerability in Dlink Dir-816 Firmware 1.11
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request.
network
low complexity
dlink CWE-306
7.5
7.5
2019-03-25 CVE-2019-10041 Missing Authentication for Critical Function vulnerability in Dlink Dir-816 Firmware 1.11
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request.
network
low complexity
dlink CWE-306
critical
 9.8
9.8
2019-03-25 CVE-2019-10040 Missing Authentication for Critical Function vulnerability in Dlink Dir-816 Firmware 1.11
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request.
network
low complexity
dlink CWE-306
critical
 9.8
9.8
2019-03-25 CVE-2019-10039 Missing Authentication for Critical Function vulnerability in Dlink Dir-816 Firmware 1.11
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request.
network
low complexity
dlink CWE-306
critical
 9.8
9.8
2019-03-21 CVE-2018-20220 Missing Authentication for Critical Function vulnerability in Teracue products
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below.
network
low complexity
teracue CWE-306
7.5
7.5
2019-03-01 CVE-2019-9484 Missing Authentication for Critical Function vulnerability in Carel Pcoweb Card Firmware
The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000, as demonstrated by reading the modem password (which is 1234), or reconfiguring "party mode" or "vacation mode."
network
low complexity
carel CWE-306
7.5
7.5
2019-02-26 CVE-2019-9201 Missing Authentication for Critical Function vulnerability in Phoenixcontact products
Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories.
network
low complexity
phoenixcontact CWE-306
critical
 9.8
9.8