Przykłady dla CWE-306: Missing Authentication for Critical Function - CXSecurity.com

	Tytuł	Data	Autor
Low	SAP FRUN Simple Diagnostics Agent 1.0 Missing Authentication	22.06.2022	Yvan Genuer
Med.	SAP Netweaver JAVA 7.50 Missing Authorization	17.06.2021	Ignacio D. Favro
Med.	URVE Software Build 24.03.2020 Authentication Bypass / Remote Code Execution	30.12.2020	Erik Steltzner
Med.	IBM Cognos TM1 / IBM Planning Analytics Server Configuration Overwrite / Code Execution	29.03.2020	Pedro Ribeiro
Med.	Sophos UTM 9.410 loginuser confd Service Privilege Escalation	06.03.2018	KoreLogic
Med.	JD Edwards 9.1 EnterpriseOne Server Denial Of Service	28.08.2016	Fernando Russ and Mati...
Med.	JD Edwards 9.1 EnterpriseOne Server Create Users	28.08.2016	Fernando Russ and Mati...
High	SAP TREX 7.10 Revision 63 Remote Command Execution	22.08.2016	Multiple
Med.	Davolink DV-2051 Missing Access Control	06.08.2016	Eric Flokstra
High	InFocus IN3128HD Projector Missing Authentication	28.04.2015	CORE
High	Allied Telesis AT-RG634A ADSL router unauthenticated webshell	26.03.2014	Sebastian Muniz
High	INSTEON Hub 2242-222 Lack Of Authentication	02.08.2013	David Bryan

Common Weakness Enumeration (CWE)

CVE

Szczegóły

Opis

2024-10-17

	CVE-2024-49399	Updating...	The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information.
	CVE-2024-48920	Updating...	PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users to perform admin-level operations, potentially compromising sensitive data and system integrity. This problem has been fixed in v2.1.0.beta.1. As a workaround, one may apply the patch from commit `211dfe9` manually.

2024-10-15

	CVE-2024-45274	Updating...	An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication.
	CVE-2024-9984	Updating...	Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie.

2024-10-11

Waiting for details

CVE-2024-8530

Updating...

CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause exposure of private data when an already generated �??logcaptures�?� archive is accessed directly by HTTPS.

2024-10-08

Waiting for details

CVE-2024-43488

Updating...

Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector.

2024-10-03

Waiting for details

CVE-2024-41988

Updating...

TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code.

2024-10-02

	CVE-2024-35294	Updating...	An unauthenticated remote attacker may use the devices traffic capture without authentication to grab plaintext administrative credentials.
	CVE-2024-35293	Updating...	An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS.

2024-09-30

Waiting for details

CVE-2024-8456

Updating...

Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices.

Copyright 2024, cxsecurity.com