
2930 matches found

Positive Technologies
added 2024/01/25 12:0 a.m. · 4 views

PT-2024-1427 · Juniper Networks · Junos

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS on SRX Series and EX Series versions earlier than 20.4R3-S9 Juniper Networks Junos OS on SRX Series and EX Series 21.2 versions earlier than 21.2R3-S7 Juniper Networks Junos OS on SRX Series and EX Series 21.3 versio...

CVSS 7.5 · AI score 7.5 · EPSS 0.00882
Exploits 0 · References 26
ICS
added 2024/01/23 7:0 a.m. · 37 views

Voltronic Power ViewPower Pro

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Voltronic Power Equipment: ViewPower Pro Vulnerabilities: Deserialization of Untrusted Data, Missing Authentication for Critical Function, Exposed Dangerous Method or Function, OS Command...

CVSS 9.8 · AI score 9.9 · EPSS 0.45744
Exploits 0 · References 8
OSV
added 2024/01/15 11:15 a.m. · 2 views

CVE-2023-5253

A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication. Malicious unauthenticated users with knowledge on the underlying system may be...

CVSS 7.5 · AI score 5.8 · EPSS 0.00451
Exploits 0 · References 1
Vulnrichment
added 2024/01/12 6:31 p.m. · 14 views

CVE-2023-31033 CVE

NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data...

CVSS 6.8 · AI score 7.5 · EPSS 0.00305
Exploits 0 · References 1
Tenable Nessus
added 2024/01/02 12:0 a.m. · 23 views

GitLab 7.11.0 < 14.1.7 (CVE-2021-39879)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable two-factor authentication CVE-2021-39879 Note that Nessus ha...

CVSS 4 · AI score 5.2 · EPSS 0.00399
Exploits 0 · References 3
BDU FSTEC
added 2023/12/25 12:0 a.m. · 2 views

The vulnerability of the httpd-daemon software of D-Link G416 router microprogramming system allows a hacker to bypass security restrictions.

The vulnerability of the httpd-daemon of D-Link G416 microprogrammed router software is related to the absence of authentication for a critical function. Exploiting this vulnerability allows an attacker to bypass security restrictions remotely...

CVSS 8.8 · AI score 7.6 · EPSS 0.00696
Exploits 0 · References 4 · Affected Software 1
Zero Day Initiative
added 2023/12/20 12:0 a.m. · 22 views

D-Link G416 httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack ...

CVSS 8.8 · AI score 7.4 · EPSS 0.00696
Exploits 0 · References 1
Prion
added 2023/12/14 4:15 p.m. · 18 views

Authentication flaw

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold...

CVSS 5 · AI score 6.9 · EPSS 0.008
Exploits 0 · References 2 · Affected Software 1
NVD
added 2023/12/12 1:15 a.m. · 10 views

CVE-2023-36648

Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka as consumer and producer...

CVSS 8.2 · EPSS 0.0098
Exploits 1 · References 1
Cvelist
added 2023/12/12 12:0 a.m. · 13 views

CVE-2023-36648

Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka as consumer and producer...

AI score 8.3 · EPSS 0.0098
Exploits 1 · References 1
CVE
added 2023/12/12 12:0 a.m. · 35 views

CVE-2023-36648

The CVE-2023-36648 issue affects ProLion CryptoSpike 3.0.15P2, where missing authentication in the internal data streaming system allows remote unauthenticated access to Apache Kafka as a consumer or producer. This exposes potentially sensitive information and can cause denial of service by direc...

CVSS 8.2 · AI score 8 · EPSS 0.0098
Exploits 1 · References 1 · Affected Software 1
BDU FSTEC
added 2023/12/11 12:0 a.m. · 2 views

The vulnerability of the microprogrammed logic controllers Sauter Nova 220, 230, and 106 lies in the absence of authentication for a critical function. This allows attackers to bypass security restrictions and execute arbitrary commands.

The vulnerability of the microprogrammed logic controllers Sauter Nova 220, 230, and 106 lies in the absence of authentication for the critical function. Exploiting this vulnerability allows a remote attacker to bypass security restrictions and execute arbitrary commands...

CVSS 10 · AI score 8.3 · EPSS 0.0071
Exploits 0 · References 5 · Affected Software 5
BDU FSTEC
added 2023/12/06 12:0 a.m. · 3 views

The vulnerability of the PowerStation network load balancing system, related to insufficient protection of operational data, allows an intruder to gain unauthorized access to protected information, execute arbitrary code, or cause a service failure.

The vulnerability of the PowerStation network load balancing system is related to the lack of authentication for critical functions, resulting from insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected...

CVSS 10 · AI score 8.1 · EPSS 0.011
Exploits 0 · References 5
ICS
added 2023/11/28 7:0 a.m. · 37 views

BD FACSChorus

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company BD Equipment: FACSChorus Vulnerabilities: Missing Protection Mechanism for Alternate Hardware Interface, Missing Authentication for Critical Function, Improper Authentication, Use...

CVSS 5.7 · AI score 5.5 · EPSS 0.00378
Exploits 0 · References 8
Japan Vulnerability Notes
added 2023/11/17 8:31 a.m. · 3 views

Multiple vulnerabilities in First Corporation's DVRs

Overview DVRs provided by First Co., Ltd. contain multiple vulnerabilities listed below. Use of hard-coded password CWE-259 - CVE-2023-47213 Missing authentication for critical function CWE-306 - CVE-2023-47674 Yoshiki Mori of National Institute of Information and Communications Technology...

CVSS 9.8 · AI score 7.3 · EPSS 0.01264
Exploits 0 · References 10
ICS
added 2023/11/14 12:0 a.m. · 41 views

Siemens SIMATIC PCS neo

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 8.8 · AI score 7.4 · EPSS 0.00618
Exploits 0 · References 12
CISA KEV Catalog
added 2023/11/13 12:0 a.m. · 36 views

Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability

Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication, an attacker is...

CVSS 5.3 · AI score 7.8 · EPSS 0.94205
In wild · Exploits 4
CISA KEV Catalog
added 2023/11/13 12:0 a.m. · 24 views

Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability

Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication, an...

CVSS 5.3 · AI score 7.8 · EPSS 0.84692
In wild · Exploits 2
CISA KEV Catalog
added 2023/11/13 12:0 a.m. · 20 views

Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability

Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication, an...

CVSS 5.3 · AI score 7.8 · EPSS 0.011
In wild · Exploits 0
OSV
added 2023/11/07 11:15 a.m. · 3 views

CVE-2023-46819

Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin. This issue affects Apache OFBiz: before 18.12.09. Users are recommended to upgrade to version 18.12.09...

CVSS 5.3 · AI score 5.7 · EPSS 0.01793
Exploits 0 · References 4