Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-06 | CVE-2023-4699 | Missing Authentication for Critical Function vulnerability in Mitsubishielectric products Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R series CPU modules, MELSEC iQ-R series, MELSEC iQ-L series, MELSEC Q series, MELSEC-L series, Mitsubishi Electric CNC M800V/M80V series, Mitsubishi Electric CNC M800/M80/E80 series and Mitsubishi Electric CNC M700V/M70V/E70 series allows a remote unauthenticated attacker to execute arbitrary commands by sending specific packets to the affected products. | 9.1 |
| 2023-11-04 | CVE-2023-46381 | Missing Authentication for Critical Function vulnerability in Loytec products LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. | 8.2 |
| 2023-11-03 | CVE-2022-43554 | Missing Authentication for Critical Function vulnerability in Ivanti Avalanche Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability | 7.8 |
| 2023-11-03 | CVE-2022-43555 | Missing Authentication for Critical Function vulnerability in Ivanti Avalanche Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability | 7.8 |
| 2023-11-03 | CVE-2023-41351 | Missing Authentication for Critical Function vulnerability in Nokia G-040W-Q Firmware G040Wqr201207 Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. | 9.8 |
| 2023-10-31 | CVE-2023-46249 | Missing Authentication for Critical Function vulnerability in Goauthentik Authentik authentik is an open-source Identity Provider. | 9.8 |
| 2023-10-31 | CVE-2023-46978 | Missing Authentication for Critical Function vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control.Attackers can reset login password & WIFI passwords without authentication. | 7.5 |
| 2023-10-26 | CVE-2023-46747 | Missing Authentication for Critical Function vulnerability in F5 products Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 9.8 |
| 2023-10-25 | CVE-2023-40401 | Missing Authentication for Critical Function vulnerability in Apple Macos The issue was addressed with additional permissions checks. | 7.5 |
| 2023-10-25 | CVE-2023-42845 | Missing Authentication for Critical Function vulnerability in Apple Ipados, Iphone OS and Macos An authentication issue was addressed with improved state management. | 5.3 |