Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-03 | CVE-2022-38168 | Missing Authentication for Critical Function vulnerability in Avaya products Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification. | 9.1 |
| 2022-11-03 | CVE-2022-3675 | Missing Authentication for Critical Function vulnerability in Redhat Fedora Coreos 36.20220820.3.0 Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. | 5.5 |
| 2022-11-02 | CVE-2022-42473 | Missing Authentication for Critical Function vulnerability in Fortinet Fortisoar A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password. | 5.5 |
| 2022-11-01 | CVE-2022-27582 | Missing Authentication for Critical Function vulnerability in Sick products Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. | 9.8 |
| 2022-11-01 | CVE-2022-27584 | Missing Authentication for Critical Function vulnerability in Sick Sim2000St Firmware Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. | 9.8 |
| 2022-11-01 | CVE-2022-27585 | Missing Authentication for Critical Function vulnerability in Sick Sim1000 FX Firmware Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version <1.6.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. | 9.8 |
| 2022-11-01 | CVE-2022-27586 | Missing Authentication for Critical Function vulnerability in Sick Sim1004-0P0G311 Firmware Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. | 9.8 |
| 2022-11-01 | CVE-2022-43989 | Missing Authentication for Critical Function vulnerability in Sick Sim2000-2P04G10 Firmware and Sim2500-2P03G10 Firmware Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware version < 1.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. | 7.3 |
| 2022-11-01 | CVE-2022-43990 | Missing Authentication for Critical Function vulnerability in Sick Sim1012-0P0G200 Firmware Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version <2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. | 7.3 |
| 2022-11-01 | CVE-2022-3312 | Missing Authentication for Critical Function vulnerability in Google Chrome Insufficient validation of untrusted input in VPN in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a local attacker to bypass managed device restrictions via physical access to the device. | 4.6 |