Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-06 | CVE-2023-40545 | Missing Authentication for Critical Function vulnerability in Pingidentity Pingfederate 11.3.0 Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affected 11.3 versions via specially crafted requests. | 9.8 |
| 2024-02-06 | CVE-2024-23917 | Missing Authentication for Critical Function vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible | 9.8 |
| 2024-02-01 | CVE-2023-49115 | Missing Authentication for Critical Function vulnerability in Machinesense Feverwarn Firmware MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote viewing of sensor data by users. | 7.5 |
| 2024-02-01 | CVE-2023-49617 | Missing Authentication for Critical Function vulnerability in Machinesense Feverwarn Firmware The MachineSense application programmable interface (API) is improperly protected and can be accessed without authentication. | 9.1 |
| 2024-02-01 | CVE-2023-6221 | Missing Authentication for Critical Function vulnerability in Machinesense Feverwarn Firmware The cloud provider MachineSense uses for integration and deployment for multiple MachineSense devices, such as the programmable logic controller (PLC), PumpSense, PowerAnalyzer, FeverWarn, and others is insufficiently protected against unauthorized access. | 6.5 |
| 2024-02-01 | CVE-2024-22449 | Missing Authentication for Critical Function vulnerability in Dell Powerscale Onefs Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. | 7.8 |
| 2024-01-26 | CVE-2024-23618 | Missing Authentication for Critical Function vulnerability in Commscope Arris Surfboard Sbg6950Ac2 Firmware An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. | 9.8 |
| 2024-01-19 | CVE-2023-51947 | Missing Authentication for Critical Function vulnerability in Actidata Actinas SL 2U-8 RDX Firmware 3.2.03 Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication. | 9.1 |
| 2024-01-15 | CVE-2023-5253 | Missing Authentication for Critical Function vulnerability in Nozominetworks CMC and Guardian A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication. Malicious unauthenticated users with knowledge on the underlying system may be able to extract limited asset information. | 7.5 |
| 2024-01-13 | CVE-2023-51062 | Missing Authentication for Critical Function vulnerability in Qstar Archive Storage Manager 30 An unauthenticated log file read in the component log-smblog-save of QStar Archive Solutions RELEASE_3-0 Build 7 Patch 0 allows attackers to disclose the SMB Log contents via executing a crafted command. | 5.3 |