Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2018-07-03 CVE-2017-0919 Missing Authentication for Critical Function vulnerability in Gitlab
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized.
network
low complexity
gitlab CWE-306
7.5
2018-07-03 CVE-2018-7778 Missing Authentication for Critical Function vulnerability in Schneider-Electric Evlink Charging Station Firmware
In Schneider Electric Evlink Charging Station versions prior to v3.2.0-12_v1, the Web Interface has an issue that may allow a remote attacker to gain administrative privileges without properly authenticating remote users.
network
low complexity
schneider-electric CWE-306
critical
9.8
2018-06-28 CVE-2018-8016 Missing Authentication for Critical Function vulnerability in Apache Cassandra
The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.
network
low complexity
apache CWE-306
critical
9.8
2018-05-30 CVE-2018-11476 Missing Authentication for Critical Function vulnerability in Vgate Icar 2 Wi-Fi Obd2 Firmware
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices.
low complexity
vgate CWE-306
8.8
2018-04-25 CVE-2018-5486 Missing Authentication for Critical Function vulnerability in Netapp Oncommand Unified Manager 7.2/7.3
NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ship with the Java Debug Wire Protocol (JDWP) enabled which allows unauthorized local attackers to execute arbitrary code.
local
low complexity
netapp CWE-306
7.8
2018-04-18 CVE-2018-5339 Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Desktop Central 10.0.124/10.0.184
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions.
network
low complexity
zohocorp CWE-306
critical
9.8
2018-04-18 CVE-2018-5338 Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Desktop Central 10.0.124/10.0.184
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism.
network
low complexity
zohocorp CWE-306
critical
9.8
2018-04-09 CVE-2018-0554 Missing Authentication for Critical Function vulnerability in Buffalo Wzr-1750Dhp2 Firmware 2.28/2.30
Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors.
low complexity
buffalo CWE-306
8.8
2018-04-04 CVE-2018-9119 Missing Authentication for Critical Function vulnerability in Brilliantts Fuze Card BLE Firmware and Fuze Card MCU Firmware
An attacker with physical access to a BrilliantTS FUZE card (MCU firmware 0.1.73, BLE firmware 0.7.4) can unlock the card, extract credit card numbers, and tamper with data on the card via Bluetooth because no authentication is needed, as demonstrated by gatttool.
low complexity
brilliantts CWE-306
6.1
2018-03-31 CVE-2018-9162 Missing Authentication for Critical Function vulnerability in Contec-Touch Smart Home Firmware 4.15
Contec Smart Home 4.15 devices do not require authentication for new_user.php, edit_user.php, delete_user.php, and user.php, as demonstrated by changing the admin password and then obtaining control over doors.
network
low complexity
contec-touch CWE-306
critical
9.8