Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2017-07-04 CVE-2017-10804 Missing Authentication for Critical Function vulnerability in Odoo 10.0/8.0/9.0
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database layer.
network
low complexity
odoo CWE-306
critical
9.8
2017-06-30 CVE-2017-6044 Missing Authentication for Critical Function vulnerability in Sierra Wireless products
An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11.
network
low complexity
sierra-wireless CWE-306
critical
9.8
2017-06-20 CVE-2017-3216 Missing Authentication for Critical Function vulnerability in multiple products
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.
network
low complexity
greenpacket huawei mada zte zyxel CWE-306
critical
9.8
2017-06-13 CVE-2015-9030 Missing Authentication for Critical Function vulnerability in Google Android
In all Android releases from CAF using the Linux kernel, the Hypervisor API could be misused to bypass authentication.
local
low complexity
google CWE-306
7.8
2017-06-09 CVE-2016-7830 Missing Authentication for Critical Function vulnerability in Sony products
Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors.
low complexity
sony CWE-306
8.8
2017-04-10 CVE-2016-5053 Missing Authentication for Critical Function vulnerability in Osram Lightify Home 1.6.1
OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000.
network
low complexity
osram CWE-306
critical
9.8
2017-04-10 CVE-2015-2888 Missing Authentication for Critical Function vulnerability in Summerinfant Baby Zoom Wifi Monitor Firmware
Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to bypass authentication, related to the MySnapCam web service.
network
low complexity
summerinfant CWE-306
critical
9.8
2017-03-15 CVE-2017-3819 Missing Authentication for Critical Function vulnerability in Cisco ASR 5000 Series Software and Virtualized Packet Core
A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access.
network
low complexity
cisco CWE-306
8.8
2017-03-02 CVE-2017-6409 Missing Authentication for Critical Function vulnerability in Veritas Netbackup and Netbackup Appliance
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier.
network
low complexity
veritas CWE-306
critical
9.8
2017-02-13 CVE-2016-8355 Missing Authentication for Critical Function vulnerability in Smiths-Medical Cadd-Solis Medication Safety Software
An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1.
network
low complexity
smiths-medical CWE-306
critical
9.9