855 matches found
Authentication flaw
Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0...
CVE-2023-0919 Missing Authentication for Critical Function in kareadita/kavita
Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0...
PT-2023-6678 · Kareadita · Kavita
Name of the Vulnerable Software and Affected Versions: kareadita/kavita versions prior to 0.7.0 Description: The issue is related to a missing authentication for a critical function in the kareadita/kavita GitHub repository. This could allow a remote attacker to impact the confidentiality and...
CVE-2023-0919 Missing Authentication for Critical Function in kareadita/kavita
Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0...
CVE-2023-22803 CVE-2023-22803
LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. This could allow an attacker to change the PLC's mode arbitrarily...
SUSE CVE-2021-36780
A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn...
SUSE CVE-2022-21952
A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46...
NEC PC Settings Tool vulnerable to missing authentication for critical function
Overview PC Settings Tool is an application pre-installed on computers provided by NEC by default. PC Settings Tool Library contained in the application is vulnerable to missing authentication for critical function CWE-306. Haruki Yadani of LAC Co., Ltd. reported this vulnerability to IPA...
CVE-2022-42970
A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows...
Authentication flaw
A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows...
CVE-2022-42970
Schneider Electric APC Easy UPS Online Monitoring Software (Schneider Electric/APC Easy UPS Online Monitoring Software) versions prior to V2.5-GA (Windows 7/10/11 and Windows Server 2016/2019/2022) and prior to V2.5-GA-01-22261 (Windows 11/Server 2019/2022) are affected by CVE-2022-42970 due to m...
CVE-2022-32528
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read specific files in the IGSS project report directory, potentially leading to a denial-of-service condition when an attacker sends specific messages. Affected Products: IGSS...
CVE-2023-0052 SAUTER Controls Nova 200–220 Series Missing Authentication for Critical Function
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol FTP are the only protocols available for device management, an unauthorized user could acce...
CVE-2023-0052 SAUTER Controls Nova 200–220 Series Missing Authentication for Critical Function
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol FTP are the only protocols available for device management, an unauthorized user could acce...
Exploit for Missing Authentication for Critical Function in Linuxfoundation Harbor
CVE-2022-46463 CVE-2022-46463POChttps://nvd.nist.gov/vuln...
CVE-2018-25075 karsany OBridge ProcedureDao.java getAllStandaloneProcedureAndFunction sql injection
A vulnerability classified as critical has been found in karsany OBridge up to 1.3. Affected is the function getAllStandaloneProcedureAndFunction of the file obridge-main/src/main/java/org/obridge/dao/ProcedureDao.java. The manipulation leads to sql injection. The complexity of an attack is rathe...
The vulnerability of the APC Easy UPS Online Monitoring Software lies in the lack of authentication for a critical function, allowing attackers to gain access to the software.
The vulnerability of the APC Easy UPS Online Monitoring Software relates to the absence of authentication for a critical function. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the software...
CVE-2022-4018
Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6...
PYSEC-2022-43001
Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6...
Authentication flaw
Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6...