Vulnerabilities > Missing Authentication for Critical Function

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-09-26 | CVE-2019-13523 | Missing Authentication for Critical Function vulnerability in Honeywell products | In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. | network | low | honeywell | CWE-306 | 5.3 |
| 2019-09-25 | CVE-2019-15068 | Missing Authentication for Critical Function vulnerability in Gigastone Smart Battery A4 Firmware R1.7.9 | A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version <= r1.7.9 allows an attacker to get/reset administrator’s password without any authentication. | network | low | gigastone | CWE-306 | 9.8 (critical) |
| 2019-09-24 | CVE-2019-5504 | Missing Authentication for Critical Function vulnerability in Netapp Ontap Select Deploy Administration Utility 2.12/2.12.1 | ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions. | network | low | netapp | CWE-306 | 9.8 (critical) |
| 2019-09-18 | CVE-2019-14253 | Missing Authentication for Critical Function vulnerability in Publisure 2.1.2 | An issue was discovered in servletcontroller in the secure portal in Publisure 2.1.2. | network | low | publisure | CWE-306 | 6.5 |
| 2019-09-17 | CVE-2019-16199 | Missing Authentication for Critical Function vulnerability in Eq-3 Homematic Ccu2 Firmware and Homematic Ccu3 Firmware | eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related to the ReGa core process. | network | low | eq-3 | CWE-306 | 9.8 (critical) |
| 2019-09-11 | CVE-2019-8449 | Missing Authentication for Critical Function vulnerability in Atlassian Jira | The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability. | network | low | atlassian | CWE-306 | 5.3 |
| 2019-09-10 | CVE-2019-11496 | Missing Authentication for Critical Function vulnerability in Couchbase Server | In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. | network | low | couchbase | CWE-306 | 9.1 (critical) |
| 2019-09-10 | CVE-2019-11466 | Missing Authentication for Critical Function vulnerability in Couchbase Server 5.5.0/6.0.0 | In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. | network | low | couchbase | CWE-306 | 5.3 |
| 2019-09-10 | CVE-2019-12105 | Missing Authentication for Critical Function vulnerability in Supervisord Supervisor | In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. | network | low | supervisord | CWE-306 | 8.2 |
| 2019-09-10 | CVE-2019-15896 | Missing Authentication for Critical Function vulnerability in Lifterlms | An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. | network | low | lifterlms | CWE-306 | 9.8 (critical) |