374 matches found

BDU FSTEC
added 2023/03/22 12:00 a.m.

The vulnerability of the database server of the B&R APROL software solution for monitoring the status of industrial systems allows an attacker to read and modify configuration data.

The vulnerability of the database server of the B&R APROL software solution for monitoring the status of industrial systems is related to the absence of an authentication procedure. Exploiting this vulnerability allows a malicious actor to read and modify configuration data remotely...

CVSS 9.7 · AI score 7.1 · EPSS 0.00551
Exploits 0 · References 2
OSV
added 2023/03/14 5:15 a.m.

CVE-2023-24526

SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of privileges. This failure has a low impact on confidentiality of the data such that an unassigned user c...

CVSS 5.3 · AI score 5.8 · EPSS 0.00578
Exploits 0 · References 2
OSV
added 2023/02/15 6:15 p.m.

CVE-2023-22803

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. This could allow an attacker to change the PLC's mode arbitrarily...

CVSS 7.5 · AI score 5.8 · EPSS 0.00591
Exploits 0 · References 1
SUSE CVE
added 2023/02/15 6:06 a.m.

SUSE CVE-2008-4576

sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires...

CVSS 7.8 · AI score 6.8 · EPSS 0.0368
Exploits 0 · References 6
OSV
added 2023/02/09 5:15 p.m.

CVE-2022-48299

The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality...

CVSS 7.5 · AI score 5.8 · EPSS 0.00417
Exploits 0 · References 2
RedHat Linux
added 2023/02/08 6:41 p.m.

plugin: Lack of authentication mechanism in Git Plugin webhook

The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provides unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository...

CVSS 5.3 · AI score 5.8 · EPSS 0.00836
Exploits 0 · References 5
OSV
added 2023/01/13 6:15 a.m.

CVE-2022-3841

RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint of Red Hat Advanced Cluster Management for Kubernetes (RHACM). An attacker could take advantage of this as the console API endpoint is missing an...

CVSS 7.8 · AI score 5.8 · EPSS 0.0023
Exploits 0 · References 1
BDU FSTEC
added 2022/12/24 12:00 a.m.

The vulnerability of the Cisco Software-Defined Application Visibility and Control (SD-AVC) function in the centralized network management system, Cisco Catalyst SD-WAN Manager, allows an intruder to gain unauthorized access to the system.

The vulnerability of the Cisco Software-Defined Application Visibility and Control (SD-AVC) function in the centralized network management system, Cisco Catalyst SD-WAN Manager, is related to the lack of authentication for this critical function. Exploiting this vulnerability could allow a maliciou...

CVSS 5.3 · AI score 5.9 · EPSS 0.00669
Exploits 0 · References 3 · Affected Software 1
OSV
added 2022/11/28 10:15 p.m.

CVE-2022-24190

The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The usertoken header is not implemented or present on this end-point. An attacker can send a request to bind their account to any users picture frame, then send a POST request to acce...

CVSS 7.5 · AI score 5.8 · EPSS 0.00672
Exploits 1 · References 1
CNNVD
added 2022/11/16 12:00 a.m.

Rdiffweb access control error vulnerability

Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. An access control error vulnerability exists in Rdiffweb versions prior to 2.5.0a6, which stems from a lack of authentication for critic...

CVSS 6.1 · AI score 5.7 · EPSS 0.00809
Exploits 1 · References 4
OSV
added 2022/11/08 11:15 p.m.

CVE-2022-30515

ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration...

CVSS 5.3 · AI score 5.8 · EPSS 0.00669
Exploits 1 · References 2
OSV
added 2022/10/31 8:15 p.m.

CVE-2022-41644

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges. An attacker could use this to create a denial-of-service state or escalate their own privileges...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 1
Sick AG
added 2022/10/21 1:00 p.m.

Password recovery vulnerability affects multiple SICK SIMs

SICK received a report about a vulnerability in multiple SICK SIM products. The vulnerability is classified as a "Missing Authentication for Critical Function" vulnerability and results from a mishandling of access to a password recovery mechanism. It is possible for an unprivileged, remote user ...

CVSS 9.8 · AI score 7.5 · EPSS 0.01235
Exploits 0
Positive Technologies
added 2022/10/11 12:00 a.m.

PT-2022-23329 · Siemens · Logo! 8 Bm

Name of the Vulnerable Software and Affected Versions: LOGO! 8 BM incl. SIPLUS variants, versions prior to V8.3
Description: A vulnerability has been identified where affected devices load firmware updates without checking the authenticity. The integrity of the unencrypted firmware is only verifie...

CVSS 7.5 · AI score 7.5 · EPSS 0.00251
Exploits 0 · References 3
WPVulnDB
added 2022/09/08 12:00 a.m.

Zephyr Project Manager < 3.2.55 - Unauthorised AJAX Calls To Stored XSS

The plugin does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks...

CVSS 5.4 · AI score 2.1 · EPSS 0.00381
Exploits 2 · Affected Software 1
OSV
added 2022/09/02 9:15 p.m.

DEBIAN-CVE-2022-36640

influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint...

CVSS 9.8 · AI score 8.7 · EPSS 0.01931
Exploits 0 · References 1
BDU FSTEC
added 2022/08/02 12:00 a.m.

The implementation of the wchp/wchc command in Apache ZooKeeper, the centralized service for managing configuration information, naming, distributed synchronization, and providing group services, is vulnerable. The vulnerability stems from the lack of authentication for this critical function and allows a malicious actor operating remotely to cause service failures.

The vulnerability of the wchp/wchc command implementation in the centralized service for managing configuration information, naming, distributed synchronization, and providing group services in Apache ZooKeeper is related to the lack of authentication for the critical function. Exploiting this...

CVSS 7.8 · AI score 7.2 · EPSS 0.73654
Exploits 0 · References 12 · Affected Software 7
OSV
added 2022/07/28 12:00 a.m.

GHSA-V878-67XW-GRW2 Lack of authentication mechanism in Jenkins Git Plugin webhook

Git Plugin provides a webhook endpoint at /git/notifyCommit that can be used to notify Jenkins of changes to an SCM repository. For its most basic functionality, this endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. In Gi...

CVSS 6.5 · AI score 7 · EPSS 0.05454
Exploits 0 · References 5
ATTACKERKB
added 2022/07/26 10:15 p.m.

CVE-2022-31207

The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS (9600/TCP) protocol for engineering purposes, including downloading projects and control logic to the PLC. This protocol has authentication...

CVSS 9.8 · AI score 7.6 · EPSS 0.00733
Exploits 0 · References 3
OSV
added 2022/07/26 10:15 p.m.

CVE-2022-31207

The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS (9600/TCP) protocol for engineering purposes, including downloading projects and control logic to the PLC. This protocol has authentication...

CVSS 9.8 · AI score 6.1
Exploits 0 · References 2