PT-2022-21760 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.5.0a6. Description: The issue concerns a missing authentication for a critical function in the GitHub repository ikus060/rdiffweb. Recommendations: For versions prior to 2.5.0a6, update to version 2.5.0a6 or later ...
CVE-2022-3327
CVE-2022-3327 affects rdiffweb (GitHub: ikus060/rdiffweb) with a missing authentication flaw in a critical function prior to version 2.5.0a6. The issue stems from insufficient access controls on a function that should require authentication, enabling potential unauthorized access or actions. Publ...
CVE-2022-3327 Missing Authentication for Critical Function in ikus060/rdiffweb
Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6...
The vulnerability of the Valmet System 2019 software suite (Metso DNA) lies in the lack of authentication for a critical function, allowing a perpetrator to execute arbitrary code.
The vulnerability of the Valmet System 2019 software suite Metso DNA is related to the lack of authentication for a critical function. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
PT-2022-7191 · Dapr · Dapr Dashboard
Name of the Vulnerable Software and Affected Versions: Dapr Dashboard versions 0.1.0 through 0.10.0. Description: The issue is related to Incorrect Access Control in the Dapr Dashboard, which is associated with a lack of authentication for a critical function. This allows attackers to obtain...
The vulnerability of the web interface of the microprogramming software for control blocks Festo CPX-CEC-C1 and CPX-CMXX allows an intruder to trigger a service failure.
The vulnerability of the web interface of Festo CPX-CEC-C1 and CPX-CMXX software solutions lies in the absence of authentication for a critical function. Exploiting this vulnerability could allow an attacker to cause service interruptions remotely...
Authentication flaw
Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access CDA EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell...
Authentication flaw
An improper authentication for critical function issue in Hitachi Kokusai Electric Network products for monitoring system Camera, Decoder and Encoder and below allows attackers to remotely reboot the device via a crafted POST request to the endpoint /ptipupgrade.cgi. Security information ID...
The vulnerability of the firmware of the UNIMO digital video recorders, models UDR-JA1004, JA1008, and JA1016, lies in the absence of authentication for a critical function, allowing attackers to execute arbitrary OS commands.
The vulnerability of the firmware of the UNIMO digital video recorders, models UDR-JA1004, JA1008, and JA1016, is related to the absence of authentication for a critical function. Exploiting this vulnerability could allow an attacker, operating remotely, to execute arbitrary OS...
CVE-2022-35733
CVE-2022-35733 affects UNIMO Technology digital video recorders: UDR-JA1004/JA1008/JA1016 firmware v1.0.20.13 and earlier, and UDR-JA1016 v2.0.20.13 and earlier. A remote unauthenticated attacker can execute arbitrary OS commands via a crafted request to the device web interface. Red Hat and JVND...
PT-2022-4366
Name of the Vulnerable Software and Affected Versions: UNIMO digital video recorders versions v1.0.20.13 and earlier; UNIMO digital video recorders versions v2.0.20.13 and earlier. Description: The issue is related to the absence of authentication for a critical function in the firmware of UNIMO...
CVE-2022-30313
Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0051, there is a Honeywell Experion PKS Safety Manager multiple proprietary protocols with unauthenticated functionality issue. The affected components are...
CVE-2022-30313
CVE-2022-30313 affects Honeywell Experion PKS Safety Manager (prior to 2022-05-06). The issue is missing authentication for critical functions in proprietary Safe Builder and Experion TCP (51000/TCP) protocols, enabling unauthenticated access to commands such as IO manipulation, file read/write, ...
Motorola Solutions MOSCAD IP and ACE IP Gateways
1. EXECUTIVE SUMMARY. CVSS v3 7.5. ATTENTION: Exploitable remotely. Vendor: Motorola Solutions. Equipment: MOSCAD IP Gateway and ACE IP Gateway. Vulnerability: Missing Authentication for Critical Function. CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in...
CVE-2022-21952
A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46...
CVE-2022-21952
CVE-2022-21952 is a Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1 and 4.2. The issue allows remote attackers to exhaust disk resources and trigger a Denial of Service. Affected are: SUSE Manager Server 4.1 spacewalk-java versions prior to ...
Honeywell Safety Manager Missing Authentication For Critical Function (CVE-2022-30313, CVE-2022-30314, CVE-2022-30315, CVE-2022-30316, CVE-2022-30317)
The device may be vulnerable to flaws related to OT:ICEFALL. These vulnerabilities identify the insecure-by-design nature of OT devices and may not have a clear remediation path. As such, Nessus is unable to test specifically for these vulnerabilities but has identified the device to be one that...
JTEKT TOYOPUC
1. EXECUTIVE SUMMARY. CVSS v3 7.7. ATTENTION: Exploitable remotely. Vendor: JTEKT. Equipment: TOYOPUC Products. Vulnerability: Missing Authentication for Critical Function. CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in multiple operational technology OT...
Exploit for Missing Authentication for Critical Function in Apache Airflow
CVE-2021-38540 Proof of Concept Missing Authentication on Crit...