Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2023-08-28 CVE-2023-40170 Missing Authentication for Critical Function vulnerability in Jupyter Server
jupyter-server is the backend for Jupyter web applications.
network
low complexity
jupyter CWE-306
6.1
2023-08-28 CVE-2023-38030 Missing Authentication for Critical Function vulnerability in Saho Adm-100 Firmware and Adm-100Fp Firmware
Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions.
network
low complexity
saho CWE-306
7.5
2023-08-28 CVE-2023-38028 Missing Authentication for Critical Function vulnerability in Saho Adm-100 Firmware and Adm-100Fp Firmware
Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication.
network
low complexity
saho CWE-306
critical
9.1
2023-08-25 CVE-2023-40585 Missing Authentication for Critical Function vulnerability in Metal3 Ironic-Image
ironic-image is a container image to run OpenStack Ironic as part of Metal³.
network
low complexity
metal3 CWE-306
7.5
2023-08-23 CVE-2023-38422 Missing Authentication for Critical Function vulnerability in Walchem Intuition 9 Firmware
Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server.
network
low complexity
walchem CWE-306
7.5
2023-08-17 CVE-2023-36846 Missing Authentication for Critical Function vulnerability in Juniper Junos
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: * All versions prior to 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3.
network
low complexity
juniper CWE-306
5.3
2023-08-17 CVE-2023-36847 Missing Authentication for Critical Function vulnerability in Juniper Junos
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3.
network
low complexity
juniper CWE-306
5.3
2023-08-15 CVE-2023-4334 Missing Authentication for Critical Function vulnerability in Broadcom Raid Controller web Interface 51.12.02779
Broadcom RAID Controller Web server (nginx) is serving private files without any authentication.
network
low complexity
broadcom CWE-306
7.5
2023-08-15 CVE-2023-4335 Missing Authentication for Critical Function vulnerability in Broadcom Raid Controller web Interface 51.12.02779
Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux.
network
low complexity
broadcom CWE-306
7.5
2023-08-08 CVE-2023-37373 Missing Authentication for Critical Function vulnerability in Siemens Ruggedcom Crossbow 5.2/5.3
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4).
network
low complexity
siemens CWE-306
7.5