Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2022-11-01 CVE-2022-27586 Missing Authentication for Critical Function vulnerability in Sick Sim1004-0P0G311 Firmware
Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method.
network
low complexity
sick CWE-306
critical
9.8
2022-11-01 CVE-2022-43989 Missing Authentication for Critical Function vulnerability in Sick Sim2000-2P04G10 Firmware and Sim2500-2P03G10 Firmware
Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware version < 1.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method.
network
low complexity
sick CWE-306
7.3
2022-11-01 CVE-2022-43990 Missing Authentication for Critical Function vulnerability in Sick Sim1012-0P0G200 Firmware
Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version <2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method.
network
low complexity
sick CWE-306
7.3
2022-11-01 CVE-2022-3312 Missing Authentication for Critical Function vulnerability in Google Chrome
Insufficient validation of untrusted input in VPN in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a local attacker to bypass managed device restrictions via physical access to the device.
low complexity
google CWE-306
4.6
2022-10-31 CVE-2022-41644 Missing Authentication for Critical Function vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack authentication for a function that changes group privileges.
network
low complexity
deltaww CWE-306
8.8
2022-10-28 CVE-2022-2474 Missing Authentication for Critical Function vulnerability in Haascnc Haas Controller Firmware 100.20.000.1110
Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service, which allows any user on the same network segment as the controller (even while connected remotely) to access the service and write unauthorized macros to the device.
low complexity
haascnc CWE-306
8.0
2022-10-26 CVE-2022-3674 Missing Authentication for Critical Function vulnerability in Sanitization Management System Project Sanitization Management System 1.0
A vulnerability has been found in SourceCodester Sanitization Management System 1.0 and classified as critical.
network
low complexity
sanitization-management-system-project CWE-306
critical
9.8
2022-10-25 CVE-2022-27623 Missing Authentication for Critical Function vulnerability in Synology Diskstation Manager
Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors.
network
low complexity
synology CWE-306
critical
9.1
2022-10-25 CVE-2022-38870 Missing Authentication for Critical Function vulnerability in Free5Gc 3.2.1
Free5gc v3.2.1 is vulnerable to Information disclosure.
network
low complexity
free5gc CWE-306
7.5
2022-10-20 CVE-2022-3327 Missing Authentication for Critical Function vulnerability in Ikus-Soft Rdiffweb
Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6.
network
low complexity
ikus-soft CWE-306
critical
9.8