Vulnerabilities > Missing Authentication for Critical Function
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-03 | CVE-2017-0919 | Missing Authentication for Critical Function vulnerability in Gitlab GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized. | 7.5 |
2018-07-03 | CVE-2018-7778 | Missing Authentication for Critical Function vulnerability in Schneider-Electric Evlink Charging Station Firmware In Schneider Electric Evlink Charging Station versions prior to v3.2.0-12_v1, the Web Interface has an issue that may allow a remote attacker to gain administrative privileges without properly authenticating remote users. | 9.8 |
2018-06-28 | CVE-2018-8016 | Missing Authentication for Critical Function vulnerability in Apache Cassandra The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. | 9.8 |
2018-05-30 | CVE-2018-11476 | Missing Authentication for Critical Function vulnerability in Vgate Icar 2 Wi-Fi Obd2 Firmware An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. | 8.8 |
2018-04-25 | CVE-2018-5486 | Missing Authentication for Critical Function vulnerability in Netapp Oncommand Unified Manager 7.2/7.3 NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ship with the Java Debug Wire Protocol (JDWP) enabled which allows unauthorized local attackers to execute arbitrary code. | 7.8 |
2018-04-18 | CVE-2018-5339 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Desktop Central 10.0.124/10.0.184 An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions. | 9.8 |
2018-04-18 | CVE-2018-5338 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Desktop Central 10.0.124/10.0.184 An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism. | 9.8 |
2018-04-09 | CVE-2018-0554 | Missing Authentication for Critical Function vulnerability in Buffalo Wzr-1750Dhp2 Firmware 2.28/2.30 Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. | 8.8 |
2018-04-04 | CVE-2018-9119 | Missing Authentication for Critical Function vulnerability in Brilliantts Fuze Card BLE Firmware and Fuze Card MCU Firmware An attacker with physical access to a BrilliantTS FUZE card (MCU firmware 0.1.73, BLE firmware 0.7.4) can unlock the card, extract credit card numbers, and tamper with data on the card via Bluetooth because no authentication is needed, as demonstrated by gatttool. | 6.1 |
2018-03-31 | CVE-2018-9162 | Missing Authentication for Critical Function vulnerability in Contec-Touch Smart Home Firmware 4.15 Contec Smart Home 4.15 devices do not require authentication for new_user.php, edit_user.php, delete_user.php, and user.php, as demonstrated by changing the admin password and then obtaining control over doors. | 9.8 |