Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2023-11-14 CVE-2023-34060 Missing Authentication for Critical Function vulnerability in VMWare Cloud Director 10.4.0
VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console) .
network
low complexity
vmware CWE-306
critical
 9.8
9.8
2023-11-06 CVE-2023-4699 Missing Authentication for Critical Function vulnerability in Mitsubishielectric products
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R series CPU modules, MELSEC iQ-R series, MELSEC iQ-L series, MELSEC Q series, MELSEC-L series, Mitsubishi Electric CNC M800V/M80V series, Mitsubishi Electric CNC M800/M80/E80 series and Mitsubishi Electric CNC M700V/M70V/E70 series allows a remote unauthenticated attacker to execute arbitrary commands by sending specific packets to the affected products.
network
low complexity
mitsubishielectric CWE-306
critical
 9.1
9.1
2023-11-04 CVE-2023-46381 Missing Authentication for Critical Function vulnerability in Loytec products
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI.
network
low complexity
loytec CWE-306
8.2
8.2
2023-11-03 CVE-2022-43554 Missing Authentication for Critical Function vulnerability in Ivanti Avalanche
Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability
local
low complexity
ivanti CWE-306
7.8
7.8
2023-11-03 CVE-2022-43555 Missing Authentication for Critical Function vulnerability in Ivanti Avalanche
Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability
local
low complexity
ivanti CWE-306
7.8
7.8
2023-11-03 CVE-2023-41351 Missing Authentication for Critical Function vulnerability in Nokia G-040W-Q Firmware G040Wqr201207
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL.
network
low complexity
nokia CWE-306
critical
 9.8
9.8
2023-10-31 CVE-2023-46249 Missing Authentication for Critical Function vulnerability in Goauthentik Authentik
authentik is an open-source Identity Provider.
network
low complexity
goauthentik CWE-306
critical
 9.8
9.8
2023-10-31 CVE-2023-46978 Missing Authentication for Critical Function vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719
TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control.Attackers can reset login password & WIFI passwords without authentication.
network
low complexity
totolink CWE-306
7.5
7.5
2023-10-26 CVE-2023-46747 Missing Authentication for Critical Function vulnerability in F5 products
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
network
low complexity
f5 CWE-306
critical
 9.8
9.8
2023-10-25 CVE-2023-40401 Missing Authentication for Critical Function vulnerability in Apple Macos
The issue was addressed with additional permissions checks.
network
low complexity
apple CWE-306
7.5
7.5