Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2023-01-20 CVE-2023-0052 Missing Authentication for Critical Function vulnerability in Sauter-Controls products
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials.
network
low complexity
sauter-controls CWE-306
8.8
2023-01-19 CVE-2022-3738 Missing Authentication for Critical Function vulnerability in Wago products
The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists.
network
high complexity
wago CWE-306
5.9
2023-01-13 CVE-2022-42276 Missing Authentication for Critical Function vulnerability in Nvidia DGX A100 Firmware
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.
local
low complexity
nvidia CWE-306
8.2
2023-01-13 CVE-2022-42277 Missing Authentication for Critical Function vulnerability in Nvidia DGX Station A100 Firmware
NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.
local
low complexity
nvidia CWE-306
8.2
2023-01-13 CVE-2022-42275 Missing Authentication for Critical Function vulnerability in Nvidia BMC
NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections.
local
low complexity
nvidia CWE-306
7.1
2023-01-13 CVE-2022-46463 Missing Authentication for Critical Function vulnerability in Linuxfoundation Harbor
** DISPUTED ** An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication.
network
low complexity
linuxfoundation CWE-306
7.5
2022-12-21 CVE-2022-3188 Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the device; the history file includes the latest actions completed by specific users.
network
low complexity
CWE-306
5.3
2022-12-16 CVE-2022-47377 Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method.
network
low complexity
CWE-306
critical
9.8
2022-12-07 CVE-2022-42458 Missing Authentication for Critical Function vulnerability in Shift-Tech Bingo!Cms
Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version 1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file.
network
low complexity
shift-tech CWE-306
critical
9.8
2022-12-05 CVE-2022-45479 Missing Authentication for Critical Function vulnerability in Beappsmobile PC Keyboard Wifi&Bluetooth
PC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication.
network
low complexity
beappsmobile CWE-306
critical
9.8