Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2023-12-08 CVE-2023-32460 Missing Authentication for Critical Function vulnerability in Dell products
Dell PowerEdge BIOS contains an improper privilege management security vulnerability.
local
low complexity
dell CWE-306
7.8
7.8
2023-11-29 CVE-2023-49693 Missing Authentication for Critical Function vulnerability in Netgear Prosafe Network Management System
NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code.
network
low complexity
netgear CWE-306
critical
 9.8
9.8
2023-11-28 CVE-2023-29061 Missing Authentication for Critical Function vulnerability in BD Facschorus
There is no BIOS password on the FACSChorus workstation.
low complexity
bd CWE-306
5.2
5.2
2023-11-28 CVE-2023-29063 Missing Authentication for Critical Function vulnerability in BD Facschorus
The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture.
low complexity
bd CWE-306
2.4
2.4
2023-11-28 CVE-2023-29060 Missing Authentication for Critical Function vulnerability in BD Facschorus
The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports.
low complexity
bd CWE-306
5.7
5.7
2023-11-22 CVE-2023-3104 Missing Authentication for Critical Function vulnerability in Unitree A1 Firmware
Lack of authentication vulnerability.
network
low complexity
unitree CWE-306
7.5
7.5
2023-11-21 CVE-2023-42770 Missing Authentication for Critical Function vulnerability in Redlioncontrols products
Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP.
network
low complexity
redlioncontrols CWE-306
critical
 9.8
9.8
2023-11-16 CVE-2023-47674 Missing Authentication for Critical Function vulnerability in C-First products
Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device.
network
low complexity
c-first CWE-306
critical
 9.8
9.8
2023-11-14 CVE-2023-34060 Missing Authentication for Critical Function vulnerability in VMWare Cloud Director 10.4.0
VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console) .
network
low complexity
vmware CWE-306
critical
 9.8
9.8
2023-11-04 CVE-2023-46381 Missing Authentication for Critical Function vulnerability in Loytec products
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI.
network
low complexity
loytec CWE-306
8.2
8.2