Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-306
Total 801 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-43761 1 Br-automation 1 Industrial Automation Aprol 2023-02-24 N/A 7.5 HIGH
Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration.
CVE-2022-22809 1 Schneider-electric 6 Fellerlynk, Fellerlynk Firmware, Spacelynk and 3 more 2023-02-22 5.0 MEDIUM 5.3 MEDIUM
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)
CVE-2022-48300 1 Huawei 2 Emui, Harmonyos 2023-02-16 N/A 7.5 HIGH
The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-48299 1 Huawei 2 Emui, Harmonyos 2023-02-16 N/A 7.5 HIGH
The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-48288 1 Huawei 2 Emui, Harmonyos 2023-02-16 N/A 7.5 HIGH
The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-48289 1 Huawei 2 Emui, Harmonyos 2023-02-16 N/A 7.5 HIGH
The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2019-15018 1 Zingbox 1 Inspector 2023-02-14 5.0 MEDIUM 7.5 HIGH
A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant.
CVE-2015-5201 1 Redhat 2 Enterprise Virtualization, Enterprise Virtualization Hypervisor 2023-02-12 5.0 MEDIUM 7.5 HIGH
VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors.
CVE-2020-25697 1 X.org 1 X Server 2023-02-12 4.4 MEDIUM 7.0 HIGH
A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an attacker to take control of an X application by impersonating the server it is expecting to connect to.
CVE-2017-2637 1 Redhat 1 Openstack 2023-02-12 10.0 HIGH 10.0 CRITICAL
A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default (by director) listening on 0.0.0.0 (all interfaces) with no-authentication or encryption. Anyone able to make a TCP connection to any compute host IP address, including 127.0.0.1, other loopback interface addresses, or in some cases possibly addresses that have been exposed beyond the management interface, could use this to open a virsh session to the libvirtd instance and gain control of virtual machine instances or possibly take over the host.
CVE-2023-25014 1 In2code 1 Femanager 2023-02-10 N/A 7.5 HIGH
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users.
CVE-2023-25013 1 In2code 1 Femanager 2023-02-10 N/A 7.5 HIGH
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users.
CVE-2021-36779 1 Linuxfoundation 1 Longhorn 2023-02-09 8.3 HIGH 9.6 CRITICAL
A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3.
CVE-2021-36780 1 Linuxfoundation 1 Longhorn 2023-02-09 4.8 MEDIUM 8.1 HIGH
A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3v.
CVE-2022-42970 2 Microsoft, Schneider-electric 8 Windows 10, Windows 11, Windows 7 and 5 more 2023-02-08 N/A 9.8 CRITICAL
A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
CVE-2021-3589 2 Redhat, Theforeman 2 Satellite, Foreman Ansible 2023-02-08 6.5 MEDIUM 8.0 HIGH
An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2022-32528 1 Schneider-electric 1 Interactive Graphical Scada System 2023-02-08 N/A 9.1 CRITICAL
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read files in the IGSS project report directory when an attacker sends specific messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
CVE-2020-20627 1 Givewp 1 Givewp 2023-02-06 5.0 MEDIUM 5.3 MEDIUM
The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change.
CVE-2020-11579 2 Chadhaajay, Php 2 Phpkb, Php 2023-02-03 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled.
CVE-2019-6652 1 F5 1 Big-iq Centralized Management 2023-02-03 6.4 MEDIUM 6.5 MEDIUM
In BIG-IQ 6.0.0-6.1.0, services for stats do not require authentication nor do they implement any form of Transport Layer Security (TLS).