CVE-2021-26264 Emerson DeltaV Missing Authentication for Critical Function

A specially crafted script could cause the DeltaV Distributed Control System Controllers All Versions to restart and cause a denial-of-service condition...

Non-transferable critical privileged role

Handle gzeon Vulnerability details Impact DEPLOYER is a constant in Manager and it is the only role that can call setSherlockCoreAddress to change sherlockCore address. Consider this is a critical function and there might be a need to change the deplorer address in the future e.g. governance...

Missing Authentication for Critical Function in Apache NiFi

In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token one-time password mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens,...

GHSA-3PP3-77J6-8PH6 Missing Authentication for Critical Function in Apache NiFi

In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token one-time password mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens,...

Exploit for Missing Authentication for Critical Function in Apache Apisix_Dashboard

CVE-2021-45232-RCE CVE-2021-45232-RCE – Multi-threaded batch...

CVE-2021-36779

A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3...

Authentication flaw

A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3...

CVE-2021-36780 Unauthorized data access from replicas through vulnerable instance manager pods

A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn...

CVE-2021-36779

CVE-2021-36779 is a Missing Authentication for Critical Function in SUSE Longhorn. Affected: Longhorn before 1.1.3 and before 1.2.3. Root cause: lack of authentication allows any workload to execute binaries in an image on the host. Impact: workload compromise of host binaries across the cluster....

PT-2021-21352 · Suse · Longhorn

Name of the Vulnerable Software and Affected Versions: SUSE Longhorn longhorn versions prior to 1.1.3 longhorn versions prior to 1.2.3v Description: A Missing Authentication for Critical Function issue in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance,...

PT-2021-21350 · Suse · Suse Longhorn

Name of the Vulnerable Software and Affected Versions: SUSE Longhorn versions prior to 1.1.3 SUSE Longhorn versions prior to 1.2.3 Description: A Missing Authentication for Critical Function issue in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on th...

CVE-2021-42783

Missing Authentication for Critical Function vulnerability in debugpostset.cgi of D-Link DWR-932C E1 firmware allows an unauthenticated attacker to execute administrative actions...

CVE-2021-42783 Missing Authentication in debug_post_set.cgi in D-Link DWR-932C E1 Firmware 1.0.0.4

Missing Authentication for Critical Function vulnerability in debugpostset.cgi of D-Link DWR-932C E1 firmware allows an unauthenticated attacker to execute administrative actions...

The vulnerability of the KrugCorrectTime.exe software of the SCADA system “KRUG-2000” lies in the lack of authentication for a critical function, allowing a intruder to cause a malfunction in the normal operation of the SCADA system.

The vulnerability of the KrugCorrectTime.exe software component of the SCADA system “KRUG-2000” lies in the lack of authentication for a critical function. Exploiting this vulnerability could allow an intruder to cause malfunctions in the normal operation of the SCADA system...

The vulnerability of the KrServerBDdemoRT.exe module of the SCADA system “KRUG-2000” lies in the lack of authentication for a critical function, which allows a intruder to trigger a service failure.

The vulnerability of the KrServerBDdemoRT.exe module of the “KRUG-2000” SCADA system is related to the absence of authentication for a critical function. Exploiting this vulnerability could allow an intruder, operating remotely, to cause service interruptions...

SAP NetWeaver Missing Authentication for Critical Function Vulnerability

SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration tasks and create administrative users...

Siemens SIMATIC Process Historian

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC Process Historian Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could enable the execution of...

VulnCheck KEV: CVE-2022-1388

F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services...

Siemens SINEMA Server

1. EXECUTIVE SUMMARY CVSS v3 4.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Server Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain encoded...

The vulnerability of microprogrammed programmable logic controllers like Modicon and PacDrive lies in the lack of authentication for a critical function. This allows attackers to alter the device’s IP configuration.

The vulnerability of the microprogrammed logic controllers Modicon and PacDrive lies in the absence of authentication for the critical function. Exploiting this vulnerability allows an attacker to remotely alter the device’s IP configuration...