CVE-2022-23945

Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

CVE-2022-23945

Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

CVE-2022-23945

CVE-2022-23945 describes a missing authentication flaw in the ShenYu Admin interface when registering over HTTP, affecting Apache ShenYu versions 2.4.0 and 2.4.1 . The connected sources consistently state the issue as an authentication gap without providing additional technical specifics within t...

Exploit for Missing Authentication for Critical Function in Apache Apisix_Dashboard

Apache APISIX Dashboard: Unauthorized access to the interface...

Missing Authentication for Critical Function in Apache NiFi

In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token one-time password mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens,...

Exploit for Missing Authentication for Critical Function in Apache Apisix_Dashboard

CVE-2021-45232-RCE CVE-2021-45232-RCE – Multi-threaded batch...

Exploit for Missing Authentication for Critical Function in Apache Apisix_Dashboard

CVE-2021-45232-POC !https://github.com/bad...

Emerson DeltaV

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Emerson Equipment: DeltaV Distributed Control System Controllers and Workstations Vulnerabilities: Missing Authentication for Critical Function, Uncontrolled Search Path Element 2. RISK EVALUATION...

The vulnerability of the FilePath#reading(FileVisitor) component in the Jenkins automation server allows a malicious actor to have unlimited access to read files by using certain operations.

The vulnerability of the FilePathreadingFileVisitor component in Jenkins automation servers is related to the absence of authentication procedures. Exploiting this vulnerability allows a malicious actor to gain unlimited access to files by performing certain operations...

The vulnerability of the FilePath#listFiles component in the Jenkins automation server, related to the absence of authentication procedures, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the FilePathlistFiles component in the Jenkins automation server is related to the absence of authentication procedures. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...

CVE-2021-36780

A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn...

CVE-2021-36780

A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn...

CVE-2021-36779

A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3...

Authentication flaw

A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3...

CVE-2021-36780

SUSE Longhorn CVE-2021-36780 is a Missing Authentication for Critical Function vulnerability due to improper access control in the longhorn-engine replica. Exploitation allows an attacker to connect to a replica instance and read/write data that should be protected. Affected versions are SUSE Lon...

CVE-2021-36780 Unauthorized data access from replicas through vulnerable instance manager pods

A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn...

CVE-2021-36779

CVE-2021-36779 is a Missing Authentication for Critical Function in SUSE Longhorn. Affected: Longhorn before 1.1.3 and before 1.2.3. Root cause: lack of authentication allows any workload to execute binaries in an image on the host. Impact: workload compromise of host binaries across the cluster....

PT-2021-21352 · Suse · Longhorn

Name of the Vulnerable Software and Affected Versions: SUSE Longhorn longhorn versions prior to 1.1.3 longhorn versions prior to 1.2.3v Description: A Missing Authentication for Critical Function issue in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance,...

PT-2021-21350 · Suse · Suse Longhorn

Name of the Vulnerable Software and Affected Versions: SUSE Longhorn versions prior to 1.1.3 SUSE Longhorn versions prior to 1.2.3 Description: A Missing Authentication for Critical Function issue in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on th...

CVE-2021-22279

A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port...