CVE-2021-36779

A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3...

Authentication flaw

A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3...

CVE-2021-36780 Unauthorized data access from replicas through vulnerable instance manager pods

A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn...

CVE-2021-36779

CVE-2021-36779 is a Missing Authentication for Critical Function in SUSE Longhorn. Affected: Longhorn before 1.1.3 and before 1.2.3. Root cause: lack of authentication allows any workload to execute binaries in an image on the host. Impact: workload compromise of host binaries across the cluster....

PT-2021-21352 · Suse · Longhorn

Name of the Vulnerable Software and Affected Versions: SUSE Longhorn longhorn versions prior to 1.1.3 longhorn versions prior to 1.2.3v Description: A Missing Authentication for Critical Function issue in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance,...

PT-2021-21350 · Suse · Suse Longhorn

Name of the Vulnerable Software and Affected Versions: SUSE Longhorn versions prior to 1.1.3 SUSE Longhorn versions prior to 1.2.3 Description: A Missing Authentication for Critical Function issue in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on th...

CVE-2021-42783

Missing Authentication for Critical Function vulnerability in debugpostset.cgi of D-Link DWR-932C E1 firmware allows an unauthenticated attacker to execute administrative actions...

CVE-2021-42783 Missing Authentication in debug_post_set.cgi in D-Link DWR-932C E1 Firmware 1.0.0.4

Missing Authentication for Critical Function vulnerability in debugpostset.cgi of D-Link DWR-932C E1 firmware allows an unauthenticated attacker to execute administrative actions...

The vulnerability of the KrServerBDdemoRT.exe module of the SCADA system “KRUG-2000” lies in the lack of authentication for a critical function, which allows a intruder to trigger a service failure.

The vulnerability of the KrServerBDdemoRT.exe module of the “KRUG-2000” SCADA system is related to the absence of authentication for a critical function. Exploiting this vulnerability could allow an intruder, operating remotely, to cause service interruptions...

The vulnerability of the KrugCorrectTime.exe software of the SCADA system “KRUG-2000” lies in the lack of authentication for a critical function, allowing a intruder to cause a malfunction in the normal operation of the SCADA system.

The vulnerability of the KrugCorrectTime.exe software component of the SCADA system “KRUG-2000” lies in the lack of authentication for a critical function. Exploiting this vulnerability could allow an intruder to cause malfunctions in the normal operation of the SCADA system...

SAP NetWeaver Missing Authentication for Critical Function Vulnerability

SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration tasks and create administrative users...

Siemens SIMATIC Process Historian

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC Process Historian Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could enable the execution of...

VulnCheck KEV: CVE-2022-1388

F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services...

Siemens SINEMA Server

1. EXECUTIVE SUMMARY CVSS v3 4.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Server Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain encoded...

The vulnerability of microprogrammed programmable logic controllers like Modicon and PacDrive lies in the lack of authentication for a critical function. This allows attackers to alter the device’s IP configuration.

The vulnerability of the microprogrammed logic controllers Modicon and PacDrive lies in the absence of authentication for the critical function. Exploiting this vulnerability allows an attacker to remotely alter the device’s IP configuration...

CVE-2021-33882

CVE-2021-33882 affects B. Braun SpaceCom2 prior to 012U000062 and is a Missing Authentication for Critical Function issue that lets a remote attacker reconfigure the device via unauthenticated commands on the SpaceCom/SpaceStation interface. Public Red Hat/US advisories and the McAfee/Trellix ana...

Siemens Sicam Missing Authentication for Critical Function

A vulnerability has been identified in SICAM MMU All versions V2.05, SICAM SGU All versions, SICAM T All versions V2.18. An attacker with access to the network could be able to install specially crafted firmware to the device. File data ot500482.nasl...

CVE-2020-7389 Sage X3 Syracuse Missing Authentication for Critical Function in Developer Environment

Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer access can pass OS commands via this variable used by the web application. Note, this developer configuration should not be deployed in production...

CVE-2021-22784

A CWE-306: Missing Authentication for Critical Function vulnerability exists in C-Bus Toolkit v1.15.8 and prior that could allow an attacker to use a crafted webpage to obtain remote access to the system...

CVE-2021-28809 Missing Authentication for Critical Function in RTRR Server in HBS3

An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the operating system.QNAP have already fixed this vulnerability in the following versions of HBS 3: QTS 4.3.6: HBS...