2964 matches found

Prion
added 2023/02/20 11:15 p.m. · 17 views

Authentication flaw

Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000...

CVSS 7.5 · AI score 9.8 · EPSS 0.01098
Exploits: 0 · References: 1 · Affected Software: 2

Sick AG
added 2023/02/20 2:0 p.m. · 10 views

Bootloader mode vulnerability in Flexi Soft Gateways v3

The SICK PSIRT received a report about a Missing Authentication for Critical Function vulnerability in the firmware of FX0-GPNT v3 and FX0-GENT v3. This vulnerability was introduced with the hardware redesign of the v3 of FX0-GENT and FX0-GPNT as part of the implementation of the RK512 protocol...

CVSS 9.1 · AI score 6.9 · EPSS 0.01098
Exploits: 0

Vulnrichment
added 2023/02/20 12:0 a.m. · 7 views

CVE-2023-23453

Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000...

AI score 8.2 · EPSS 0.01098
Exploits: 0 · References: 1

CVE
added 2023/02/20 12:0 a.m. · 61 views

CVE-2023-23453

Affected: SICK FX0-GENT v3 firmware (V3.04 and V3.05). Vulnerability: Missing authentication for a critical function allows an unprivileged remote attacker to execute arbitrary code via crafted RK512 commands sent to the listener on TCP port 9000. Root cause: lack of authentication for critical f...

CVSS 9.8 · AI score 9.8 · EPSS 0.01098
Exploits: 0 · References: 1 · Affected Software: 1

ATTACKERKB
added 2023/02/19 3:15 p.m. · 1 views

CVE-2023-0919

Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0...

CVSS 8.1 · AI score 5.9 · EPSS 0.00484
Exploits: 1 · References: 4

OSV
added 2023/02/19 12:0 a.m. · 3 views

CVE-2023-0919 Missing Authentication for Critical Function in kareadita/kavita

Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0...

CVSS 8.1 · AI score 5.8 · EPSS 0.00484
Exploits: 1 · References: 4

Positive Technologies
added 2023/02/19 12:0 a.m. · 9 views

PT-2023-6678 · Kareadita · Kavita

Name of the Vulnerable Software and Affected Versions: kareadita/kavita versions prior to 0.7.0 Description: The issue is related to a missing authentication for a critical function in the kareadita/kavita GitHub repository. This could allow a remote attacker to impact the confidentiality and...

CVSS 8.5 · AI score 4.2 · EPSS 0.00484
Exploits: 1 · References: 6

Cvelist
added 2023/02/18 7:41 a.m. · 13 views

CVE-2023-0906 SourceCodester Online Pizza Ordering System POST Parameter ajax.php delete_category missing authentication

A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. Affected by this vulnerability is the function delete_category of the file ajax.php of the component POST Parameter Handler. The manipulation leads to missing authentication. The attack can be...

CVSS 7.5 · AI score 9.7 · EPSS 0.00658
Exploits: 0 · References: 2

OSV
added 2023/02/15 6:15 p.m. · 3 views

CVE-2023-22804

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create users on the PLC. This could allow an attacker to create and use an account with elevated privileges and take control of the device...

CVSS 9.8 · AI score 5.8 · EPSS 0.00708
Exploits: 0 · References: 1

OSV
added 2023/02/15 6:15 p.m. · 4 views

CVE-2023-0102

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command. This could allow an attacker to delete arbitrary files...

CVSS 9.1 · AI score 7.4
Exploits: 0 · References: 1

SUSE CVE
added 2023/02/15 4:24 a.m. · 3 views

SUSE CVE-2018-16758

Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets...

CVSS 5.9 · AI score 5.8 · EPSS 0.00947
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 3:39 a.m. · 4 views

SUSE CVE-2021-36779

A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3...

CVSS 9.6 · AI score 7.1 · EPSS 0.00664
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 3:39 a.m. · 4 views

SUSE CVE-2021-36780

A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn...

CVSS 8.1 · AI score 7.9 · EPSS 0.00451
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 3:28 a.m. · 2 views

SUSE CVE-2022-21952

A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46...

CVSS 7.5 · AI score 9.2 · EPSS 0.01448
Exploits: 1 · References: 7

0day.today
added 2023/02/15 12:0 a.m. · 254 views

WordPress Quiz And Survey Master 8.0.8 Media Deletion Vulnerability

WordPress Quiz and Survey Master plugin versions 8.0.8 and below suffer from a missing authentication vulnerability that allows an attacker to delete media from the WordPress instance. 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL:...

CVSS 9.1 · AI score 0.5 · EPSS 0.02034
Exploits: 5

Japan Vulnerability Notes
added 2023/02/10 5:43 a.m. · 1 views

NEC PC Settings Tool vulnerable to missing authentication for critical function

Overview PC Settings Tool is an application pre-installed on computers provided by NEC by default. PC Settings Tool Library contained in the application is vulnerable to missing authentication for critical function CWE-306. Haruki Yadani of LAC Co., Ltd. reported this vulnerability to IPA...

CVSS 8.8 · AI score 6.8 · EPSS 0.00165
Exploits: 0 · References: 6

Japan Vulnerability Notes
added 2023/02/10 12:0 a.m. · 31 views

JVN#60320736: NEC PC Settings Tool vulnerable to missing authentication for critical function

PC Settings Tool is an application pre-installed on computers provided by NEC by default. PC Settings Tool Library contained in the application is vulnerable to missing authentication for critical function CWE-306. Impact A general user of the computer which the affected product is installed may...

CVSS 7.8 · AI score 7.7 · EPSS 0.00165
Exploits: 0

OSV
added 2023/02/09 5:15 p.m. · 1 views

CVE-2022-48300

The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality...

CVSS 7.5 · AI score 5.8 · EPSS 0.00417
Exploits: 0 · References: 2

ICS
added 2023/02/09 12:0 a.m. · 38 views

LS ELECTRIC XBC-DN32U

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: LS ELECTRIC, LS Industrial Systems LSIS Co. Ltd Equipment: XBC-DN32U Vulnerabilities: Missing Authentication for Critical Function, Improper Access Control, Cleartext Transmission of Sensitive...

CVSS 9.8 · AI score 8 · EPSS 0.00724
Exploits: 0 · References: 4

OSV
added 2023/02/08 10:15 a.m. · 5 views

CVE-2022-43761

Missing authentication when creating and managing the B&R APROL database in versions R 4.2-07 allows reading and changing the system configuration...

CVSS 7.5 · AI score 5.8 · EPSS 0.00551
Exploits: 0 · References: 1