Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,452 vulnerabilities with CWE-306

CVE-2019-13933 HIGH

Siemens SCALANCE X-200RNA, X204RNA, X-300, XR-300WG, XR-300, X408-2, SIPLUS NET CSM 1277 <4.1.3 - Access Control Bypass

CVE-2019-20143 MEDIUM

GitLab 12.6 - Missing Authentication for Critical Function

CVE-2019-17146 CRITICAL

D-Link DCS-935L <1.12.101 & DCS-960L <1.07.102 - Unauthenticated Stack Overflow via HNAP

CVE-2019-16271 MEDIUM

DTEN D5-D7 <1.3.2 - Info Disclosure

CVE-2019-5080 CRITICAL

WAGO PFC 200/100 <3.01.07-3.00.39 - DoS

CVE-2019-5078 CRITICAL

WAGO PFC200/100 <03.01.07(13), 03.00.39(12) - DoS

CVE-2019-18572 CRITICAL

RSA Identity Governance and Lifecycle <7.1.1 P03 - Auth Bypass

CVE-2019-5077 CRITICAL

WAGO PFC 200 and PFC 100 Firmware - Unauthenticated Denial of Service via I/O-Check Service

CVE-2019-8682 LOW

iPhone OS < 12.4 and watchOS < 5.3 - Unauthenticated In-App Purchase via Lock Screen

CVE-2019-8522 MEDIUM

macOS < 10.14.4 - Unauthenticated Encrypted Volume Remount

CVE-2019-5152 HIGH

Shadowsocks-libev <3.3.2 - Info Disclosure

CVE-2019-16731 HIGH

Petalk AI Firmware 3.2.2.30 - Unauthenticated Firmware Upgrade and Settings Alteration

CVE-2019-18339 CRITICAL

SiNVR/SiVMS Video Server < V5.0.0 - Unauthenticated Authentication Bypass via HTTP Service

CVE-2019-18311 HIGH

SPPA-T3000 MS3000 Migration Server - DoS

CVE-2019-18284 CRITICAL

SPPA-T3000 Application Server < R8.2 SP2 - Unauthenticated Password Hash Exposure and Password Change via AdminService

CVE-2019-15932 CRITICAL

Intesync Solismed 3.3sp - Info Disclosure

CVE-2019-4244 CRITICAL

IBM SmartCloud Analytics Log Analysis 1.3.1-1.3.5 - Unauthenticated Unrestricted Zookeeper Access

CVE-2019-5164 HIGH

shadowsocks-libev 3.3.2 - Unauthenticated Remote Code Execution via Network Packet Handling

CVE-2019-5163 HIGH

shadowsocks-libev 3.3.2 - Denial of Service via UDP Packet Handling

CVE-2019-12503 CRITICAL

Inateck BCST-60 Firmware - Keystroke Injection via Unencrypted Communication

CVE-2019-12392 CRITICAL

Anviz Access Control Devices - Command Injection

CVE-2019-12390 MEDIUM

Anviz Access Control - Info Disclosure

CVE-2019-12389 HIGH

Anviz Access Control - Info Disclosure

CVE-2019-16243 MEDIUM

TCL Alcatel Cingular Flip 2 B9HUAH1 - Info Disclosure

CVE-2019-15511 HIGH

GOG Galaxy < 1.2.60 - Unauthenticated Local Privilege Escalation via TCP Packet Injection

Previous Page 86 of 99 Next

Details

Vulnerabilities 2,452

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy