Vulnerabilities > Missing Authentication for Critical Function
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-20 | CVE-2023-0052 | Missing Authentication for Critical Function vulnerability in Sauter-Controls products SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. | 8.8 |
2023-01-19 | CVE-2022-3738 | Missing Authentication for Critical Function vulnerability in Wago products The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. | 5.9 |
2023-01-13 | CVE-2022-42276 | Missing Authentication for Critical Function vulnerability in Nvidia DGX A100 Firmware NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. | 8.2 |
2023-01-13 | CVE-2022-42277 | Missing Authentication for Critical Function vulnerability in Nvidia DGX Station A100 Firmware NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. | 8.2 |
2023-01-13 | CVE-2022-42275 | Missing Authentication for Critical Function vulnerability in Nvidia BMC NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. | 7.1 |
2023-01-13 | CVE-2022-46463 | Missing Authentication for Critical Function vulnerability in Linuxfoundation Harbor ** DISPUTED ** An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. | 7.5 |
2022-12-21 | CVE-2022-3188 | Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the device; the history file includes the latest actions completed by specific users. | 5.3 |
2022-12-16 | CVE-2022-47377 | Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. | 9.8 |
2022-12-07 | CVE-2022-42458 | Missing Authentication for Critical Function vulnerability in Shift-Tech Bingo!Cms Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. | 9.8 |
2022-12-05 | CVE-2022-45479 | Missing Authentication for Critical Function vulnerability in Beappsmobile PC Keyboard Wifi&Bluetooth PC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. | 9.8 |