
2927 matches found

Cvelist
added 2023/02/27 2:36 p.m. · 32 views

CVE-2022-45138 WAGO: Missing Authentication for Critical Function

The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the devic...

CVSS 9.8 · AI score 6.7 · EPSS 0.0074
Exploits: 0 · References: 1

OSV
added 2023/02/20 11:15 p.m. · 2 views

CVE-2023-23452

Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000...

CVSS 9.8 · AI score 7.9 · EPSS 0.01098
Exploits: 0 · References: 1

OSV
added 2023/02/20 11:15 p.m. · 1 views

CVE-2023-23453

Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000...

CVSS 9.8 · AI score 7.9 · EPSS 0.01098
Exploits: 0 · References: 1

Prion
added 2023/02/20 11:15 p.m. · 15 views

Authentication flaw

Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000...

CVSS 7.5 · AI score 9.8 · EPSS 0.01098
Exploits: 0 · References: 1 · Affected Software: 2

Sick AG
added 2023/02/20 2:0 p.m. · 5 views

Bootloader mode vulnerability in Flexi Soft Gateways v3

The SICK PSIRT received a report about a Missing Authentication for Critical Function vulnerability in the firmware of FX0-GPNT v3 and FX0-GENT v3. This vulnerability was introduced with the hardware redesign of the v3 of FX0-GENT and FX0-GPNT as part of the implementation of the RK512 protocol...

CVSS 9.1 · AI score 6.9 · EPSS 0.01098
Exploits: 0

Vulnrichment
added 2023/02/20 12:0 a.m. · 7 views

CVE-2023-23453

Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000...

AI score 8.2 · EPSS 0.01098
Exploits: 0 · References: 1

CVE
added 2023/02/20 12:0 a.m. · 61 views

CVE-2023-23453

Affected: SICK FX0-GENT v3 firmware (V3.04 and V3.05). Vulnerability: Missing authentication for a critical function allows an unprivileged remote attacker to execute arbitrary code via crafted RK512 commands sent to the listener on TCP port 9000. Root cause: lack of authentication for critical f...

CVSS 9.8 · AI score 9.8 · EPSS 0.01098
Exploits: 0 · References: 1 · Affected Software: 1

ATTACKERKB
added 2023/02/19 3:15 p.m. · 1 views

CVE-2023-0919

Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0...

CVSS 8.1 · AI score 5.9 · EPSS 0.00484
Exploits: 1 · References: 4

OSV
added 2023/02/19 12:0 a.m. · 3 views

CVE-2023-0919 Missing Authentication for Critical Function in kareadita/kavita

Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0...

CVSS 8.1 · AI score 5.8 · EPSS 0.00484
Exploits: 1 · References: 4

Positive Technologies
added 2023/02/19 12:0 a.m. · 7 views

PT-2023-6678 · Kareadita · Kavita

Name of the Vulnerable Software and Affected Versions: kareadita/kavita versions prior to 0.7.0 Description: The issue is related to a missing authentication for a critical function in the kareadita/kavita GitHub repository. This could allow a remote attacker to impact the confidentiality and...

CVSS 8.5 · AI score 4.2 · EPSS 0.00484
Exploits: 1 · References: 6

Cvelist
added 2023/02/18 7:41 a.m. · 12 views

CVE-2023-0906 SourceCodester Online Pizza Ordering System POST Parameter ajax.php delete_category missing authentication

A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. Affected by this vulnerability is the function deletecategory of the file ajax.php of the component POST Parameter Handler. The manipulation leads to missing authentication. The attack can be...

CVSS 7.5 · AI score 9.7 · EPSS 0.00658
Exploits: 0 · References: 2

OSV
added 2023/02/15 6:15 p.m. · 3 views

CVE-2023-0102

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command. This could allow an attacker to delete arbitrary files...

CVSS 9.1 · AI score 7.4
Exploits: 0 · References: 1

OSV
added 2023/02/15 6:15 p.m. · 2 views

CVE-2023-22804

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create users on the PLC. This could allow an attacker to create and use an account with elevated privileges and take control of the device...

CVSS 9.8 · AI score 5.8 · EPSS 0.00708
Exploits: 0 · References: 1

SUSE CVE
added 2023/02/15 4:24 a.m. · 3 views

SUSE CVE-2018-16758

Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets...

CVSS 5.9 · AI score 5.8 · EPSS 0.00947
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 3:39 a.m. · 2 views

SUSE CVE-2021-36779

A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3...

CVSS 9.6 · AI score 7.1 · EPSS 0.00664
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 3:39 a.m. · 4 views

SUSE CVE-2021-36780

A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn...

CVSS 8.1 · AI score 7.9 · EPSS 0.00451
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 3:28 a.m. · 1 views

SUSE CVE-2022-21952

A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46...

CVSS 7.5 · AI score 9.2 · EPSS 0.01332
Exploits: 1 · References: 7

0day.today
added 2023/02/15 12:0 a.m. · 251 views

WordPress Quiz And Survey Master 8.0.8 Media Deletion Vulnerability

WordPress Quiz and Survey Master plugin versions 8.0.8 and below suffer from a missing authentication vulnerability that allows an attacker to delete media from the WordPress instance. 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL:...

CVSS 9.1 · AI score 0.5 · EPSS 0.02034
Exploits: 5

Japan Vulnerability Notes
added 2023/02/10 5:43 a.m. · 0 views

NEC PC Settings Tool vulnerable to missing authentication for critical function

Overview PC Settings Tool is an application pre-installed on computers provided by NEC by default. PC Settings Tool Library contained in the application is vulnerable to missing authentication for critical function CWE-306. Haruki Yadani of LAC Co., Ltd. reported this vulnerability to IPA...

CVSS 8.8 · AI score 6.8 · EPSS 0.00165
Exploits: 0 · References: 6

Japan Vulnerability Notes
added 2023/02/10 12:0 a.m. · 29 views

JVN#60320736: NEC PC Settings Tool vulnerable to missing authentication for critical function

PC Settings Tool is an application pre-installed on computers provided by NEC by default. PC Settings Tool Library contained in the application is vulnerable to missing authentication for critical function CWE-306. Impact A general user of the computer which the affected product is installed may...

CVSS 7.8 · AI score 7.7 · EPSS 0.00165
Exploits: 0