Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2023-01-20 CVE-2023-0052 Missing Authentication for Critical Function vulnerability in Sauter-Controls products
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials.
network
low complexity
sauter-controls CWE-306
8.8
8.8
2023-01-13 CVE-2022-42276 Missing Authentication for Critical Function vulnerability in Nvidia DGX A100 Firmware 1.8
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.
local
low complexity
nvidia CWE-306
8.2
8.2
2023-01-13 CVE-2022-42277 Missing Authentication for Critical Function vulnerability in Nvidia DGX Station A100 Firmware
NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.
local
low complexity
nvidia CWE-306
8.2
8.2
2023-01-13 CVE-2022-42275 Missing Authentication for Critical Function vulnerability in Nvidia BMC
NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections.
local
low complexity
nvidia CWE-306
7.1
7.1
2023-01-13 CVE-2022-46463 Missing Authentication for Critical Function vulnerability in Linuxfoundation Harbor
An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication.
network
low complexity
linuxfoundation CWE-306
7.5
7.5
2022-12-27 CVE-2022-45423 Missing Authentication for Critical Function vulnerability in Dahuasecurity products
Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials.
network
low complexity
dahuasecurity CWE-306
7.5
7.5
2022-12-27 CVE-2022-45424 Missing Authentication for Critical Function vulnerability in Dahuasecurity products
Some Dahua software products have a vulnerability of unauthenticated request of AES crypto key.
network
low complexity
dahuasecurity CWE-306
5.3
5.3
2022-12-25 CVE-2022-44013 Missing Authentication for Critical Function vulnerability in Simmeth Lieferantenmanager
An issue was discovered in Simmeth Lieferantenmanager before 5.6.
network
low complexity
simmeth CWE-306
critical
 9.1
9.1
2022-12-21 CVE-2022-3188 Missing Authentication for Critical Function vulnerability in Dataprobe products
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the device; the history file includes the latest actions completed by specific users.
network
low complexity
dataprobe CWE-306
5.3
5.3
2022-12-16 CVE-2022-47377 Missing Authentication for Critical Function vulnerability in Sick Sim2000 Firmware 1.2.0
Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method.
network
low complexity
sick CWE-306
critical
 9.8
9.8