Vulnerabilities > Missing Authentication for Critical Function
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-26 | CVE-2019-13523 | Missing Authentication for Critical Function vulnerability in Honeywell products: In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. | 5.3 |
2019-09-25 | CVE-2019-15068 | Missing Authentication for Critical Function vulnerability in Gigastone Smart Battery A4 Firmware R1.7.9: A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version <= r1.7.9 allows an attacker to get/reset administrator’s password without any authentication. | 9.8 |
2019-09-24 | CVE-2019-5504 | Missing Authentication for Critical Function vulnerability in Netapp Ontap Select Deploy Administration Utility 2.12/2.12.1: ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions. | 9.8 |
2019-09-18 | CVE-2019-14253 | Missing Authentication for Critical Function vulnerability in Publisure 2.1.2: An issue was discovered in servletcontroller in the secure portal in Publisure 2.1.2. | 6.5 |
2019-09-17 | CVE-2019-16199 | Missing Authentication for Critical Function vulnerability in Eq-3 Homematic Ccu2 Firmware and Homematic Ccu3 Firmware: eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related to the ReGa core process. | 9.8 |
2019-09-11 | CVE-2019-8449 | Missing Authentication for Critical Function vulnerability in Atlassian Jira: The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability. | 5.3 |
2019-09-10 | CVE-2019-11496 | Missing Authentication for Critical Function vulnerability in Couchbase Server: In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. | 9.1 |
2019-09-10 | CVE-2019-11466 | Missing Authentication for Critical Function vulnerability in Couchbase Server 5.5.0/6.0.0: In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. | 5.3 |
2019-09-10 | CVE-2019-12105 | Missing Authentication for Critical Function vulnerability in Supervisord Supervisor: In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. | 8.2 |
2019-09-10 | CVE-2019-15896 | Missing Authentication for Critical Function vulnerability in Lifterlms: An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. | 9.8 |