Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-23 | CVE-2019-7727 | Missing Authentication for Critical Function vulnerability in Nice Engage 6.5 In NICE Engage through 6.5, the default configuration binds an unauthenticated JMX/RMI interface to all network interfaces, without restricting registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol by using the JMX connector. | 9.8 |
| 2019-04-19 | CVE-2019-10886 | Missing Authentication for Critical Function vulnerability in Sony Photo Sharing Plus 6.5830 An incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before PKG6.5629 version (for the X7500D TV and other applicable TVs). | 5.9 |
| 2019-04-18 | CVE-2019-11321 | Missing Authentication for Critical Function vulnerability in Motorola CX2 Firmware and M2 Firmware An issue was discovered in Motorola CX2 1.01 and M2 1.01. | 5.3 |
| 2019-04-17 | CVE-2019-1654 | Missing Authentication for Critical Function vulnerability in Cisco Ap-Cos A vulnerability in the development shell (devshell) authentication for Cisco Aironet Series Access Points (APs) running the Cisco AP-COS operating system could allow an authenticated, local attacker to access the development shell without proper authentication, which allows for root access to the underlying Linux OS. | 7.8 |
| 2019-04-10 | CVE-2019-10946 | Missing Authentication for Critical Function vulnerability in Joomla Joomla! An issue was discovered in Joomla! before 3.9.5. | 7.5 |
| 2019-04-09 | CVE-2019-3941 | Missing Authentication for Critical Function vulnerability in Advantech Webaccess 8.3.4 Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC. | 7.5 |
| 2019-04-01 | CVE-2019-5514 | Missing Authentication for Critical Function vulnerability in VMWare Fusion 11.0.0/11.0.1/11.0.2 VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. | 8.8 |
| 2019-03-28 | CVE-2019-6542 | Missing Authentication for Critical Function vulnerability in Enttec products ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to (70044,70050,70060)_update_05032019-482 allows an unauthenticated user to initiate a remote reboot, which may be used to cause a denial of service condition. | 7.5 |
| 2019-03-25 | CVE-2019-7642 | Missing Authentication for Critical Function vulnerability in Dlink products D-Link routers with the mydlink feature have some web interfaces without authentication requirements. | 7.5 |
| 2019-03-25 | CVE-2019-10042 | Missing Authentication for Critical Function vulnerability in Dlink Dir-816 Firmware 1.11 The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. | 7.5 |