855 matches found
CVE-2022-35733
CVE-2022-35733 affects UNIMO Technology digital video recorders: UDR-JA1004/JA1008/JA1016 firmware v1.0.20.13 and earlier, and UDR-JA1016 v2.0.20.13 and earlier. A remote unauthenticated attacker can execute arbitrary OS commands via a crafted request to the device web interface. Red Hat and JVND...
PT-2022-4366
Name of the Vulnerable Software and Affected Versions: UNIMO digital video recorders versions v1.0.20.13 and earlier UNIMO digital video recorders versions v2.0.20.13 and earlier Description: The issue is related to the absence of authentication for a critical function in the firmware of UNIMO...
CVE-2022-30313
CVE-2022-30313 affects Honeywell Experion PKS Safety Manager (prior to 2022-05-06). The issue is missing authentication for critical functions in proprietary Safe Builder and Experion TCP (51000/TCP) protocols, enabling unauthenticated access to commands such as IO manipulation, file read/write, ...
CVE-2022-30313
Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0051, there is a Honeywell Experion PKS Safety Manager multiple proprietary protocols with unauthenticated functionality issue. The affected components are...
Motorola Solutions MOSCAD IP and ACE IP Gateways
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Motorola Solutions Equipment: MOSCAD IP Gateway and ACE IP Gateway Vulnerability: Missing Authentication for Critical Function CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in...
CVE-2022-21952
A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46...
CVE-2022-21952
A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46...
CVE-2022-21952
CVE-2022-21952 is a Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1 and 4.2. The issue allows remote attackers to exhaust disk resources and trigger a Denial of Service. Affected are: SUSE Manager Server 4.1 spacewalk-java versions prior to ...
Honeywell Safety Manager Missing Authentication For Critical Function (CVE-2022-30313, CVE-2022-30314, CVE-2022-30315, CVE-2022-30316, CVE-2022-30317)
The device may be vulnerable to flaws related to OT:ICEFALL. These vulnerabilities identify the insecure-by-design nature of OT devices and may not have a clear remediation path. As such, Nessus is unable to test specifically for these vulnerabilities but has identified the device to be one that...
JTEKT TOYOPUC
1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely Vendor: JTEKT Equipment: TOYOPUC Products Vulnerability: Missing Authentication for Critical Function CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in multiple operational technology OT...
Exploit for Missing Authentication for Critical Function in Apache Airflow
CVE-2021-38540 Proof of Concept Missing Authentication on Crit...
The vulnerability of the TrueConf Server software lies in the lack of authentication for a critical function, which allows a perpetrator to trigger a service failure.
The vulnerability of the TrueConf Server software is related to the lack of authentication for a critical function. Exploiting this vulnerability allows a perpetrator to remotely cause service failures by sending specially crafted requests...
The vulnerability of the software for providing network connections for NGINX Service Mesh allows a hacker to bypass the authentication process.
The vulnerability of the NGINX Service Mesh software for providing network connections is related to the absence of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to bypass the authentication process...
Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager
CVE-2022-1388 This repository conssists of the python exploit...
CVE-2021-33008 AVEVA System Platform Missing Authentication for Critical Function
AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for functionality that requires a provable user identity...
Philips e-Alert
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: Philips Equipment: e-Alert Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an unauthorized actor to...
CVE-2021-22823
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21320...
CVE-2021-22805
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21243...
Authentication flaw
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21320...
CVE-2021-22823
CVE-2021-22823 affects Schneider Electric IGSS Interactive Graphical SCADA System Data Collector (dc.exe) on v15.0.0.21320 and earlier. It is a CWE-306 Missing Authentication for Critical Function vulnerability caused by lack of validation of network messages, which could lead to deletion of arbi...