Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-28 | CVE-2018-8016 | Missing Authentication for Critical Function vulnerability in Apache Cassandra The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. | 9.8 |
| 2018-05-30 | CVE-2018-11476 | Missing Authentication for Critical Function vulnerability in Vgate Icar 2 Wi-Fi Obd2 Firmware An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. | 8.8 |
| 2018-04-25 | CVE-2018-5486 | Missing Authentication for Critical Function vulnerability in Netapp Oncommand Unified Manager 7.2/7.3 NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ship with the Java Debug Wire Protocol (JDWP) enabled which allows unauthorized local attackers to execute arbitrary code. | 7.8 |
| 2018-04-18 | CVE-2018-5339 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Desktop Central 10.0.124/10.0.184 An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions. | 9.8 |
| 2018-04-18 | CVE-2018-5338 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Desktop Central 10.0.124/10.0.184 An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism. | 9.8 |
| 2018-04-09 | CVE-2018-0554 | Missing Authentication for Critical Function vulnerability in Buffalo Wzr-1750Dhp2 Firmware 2.28/2.30 Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. | 8.8 |
| 2018-04-04 | CVE-2018-9119 | Missing Authentication for Critical Function vulnerability in Brilliantts Fuze Card BLE Firmware and Fuze Card MCU Firmware An attacker with physical access to a BrilliantTS FUZE card (MCU firmware 0.1.73, BLE firmware 0.7.4) can unlock the card, extract credit card numbers, and tamper with data on the card via Bluetooth because no authentication is needed, as demonstrated by gatttool. | 6.1 |
| 2018-03-31 | CVE-2018-9162 | Missing Authentication for Critical Function vulnerability in Contec-Touch Smart Home Firmware 4.15 Contec Smart Home 4.15 devices do not require authentication for new_user.php, edit_user.php, delete_user.php, and user.php, as demonstrated by changing the admin password and then obtaining control over doors. | 9.8 |
| 2018-03-15 | CVE-2018-6223 | Missing Authentication for Critical Function vulnerability in Trendmicro Email Encryption Gateway 5.5 A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset configuration parameters. | 9.8 |
| 2018-03-09 | CVE-2018-0521 | Missing Authentication for Critical Function vulnerability in Buffalo Wxr-1900Dhp2 Firmware 2.48 Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. | 8.8 |