Total
197 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31277 | 1 Mi | 2 Xiaomi Lamp 1, Xiaomi Lamp 1 Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
Xiaomi Lamp 1 v2.0.4_0066 was discovered to be vulnerable to replay attacks. This allows attackers to to bypass the expected access restrictions and gain control of the switch and other functions via a crafted POST request.
|
|||||
| CVE-2022-31265 | 1 Wargaming | 1 World Of Warships | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The replay feature in the client in Wargaming World of Warships 0.11.4 allows remote attackers to execute code when a user launches a replay from an untrusted source.
|
|||||
| CVE-2022-31158 | 1 Packback | 1 Lti 1.3 Tool Library | 2024-11-21 | N/A | 7.5 HIGH |
|
LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are currently no known workarounds.
|
|||||
| CVE-2022-30467 | 1 Joyebike | 2 Wolf 2022, Wolf 2022 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.8 MEDIUM |
|
Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of service, which allows remote attackers to jam the key fob request via RF.
|
|||||
| CVE-2022-30466 | 1 Joybike | 2 Wolf, Wolf Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture-replay.
|
|||||
| CVE-2022-29475 | 1 Goabode | 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware | 2024-11-21 | N/A | 8.1 HIGH |
|
An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
|
|||||
| CVE-2022-29334 | 1 H Project | 1 H | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue in H v1.0 allows attackers to bypass authentication via a session replay attack.
|
|||||
| CVE-2022-27254 | 1 Honda | 2 Civic 2018, Civic 2018 Firmware | 2024-11-21 | 2.9 LOW | 5.3 MEDIUM |
|
The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626.
|
|||||
| CVE-2022-25838 | 1 Laravel | 1 Fortify | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept.
|
|||||
| CVE-2022-25159 | 1 Mitsubishielectric | 32 Fx5uc, Fx5uc-32mr\/ds-ts, Fx5uc-32mr\/ds-ts Firmware and 29 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ ...
Show More |
|||||
| CVE-2022-22806 | 1 Schneider-electric | 16 Scl Series 1029 Ups, Scl Series 1029 Ups Firmware, Scl Series 1030 Ups and 13 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior ...
Show More |
|||||
| CVE-2021-46145 | 1 Honda | 1 Civic 2012 | 2024-11-21 | 2.9 LOW | 5.3 MEDIUM |
|
The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. This is related to a non-expiring rolling code and counter resynchronization.
|
|||||
| CVE-2021-41030 | 1 Fortinet | 1 Forticlient Enterprise Management Server | 2024-11-21 | 6.4 MEDIUM | 5.4 MEDIUM |
|
An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages.
|
|||||
| CVE-2021-40170 | 1 Securitashome | 2 Securitashome Alarm System, Securitashome Alarm System Firmware | 2024-11-21 | 5.8 MEDIUM | 6.8 MEDIUM |
|
An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to trigger arbitrary system functionality by replaying previously recorded signals. This lets an adversary, among other things, disarm an armed system.
|
|||||
| CVE-2021-39364 | 1 Honeywell | 4 Hbw2per1, Hbw2per1 Firmware, Hdzp252di and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for camera control) after ARP cache poisoning has been achieved.
|
|||||
| CVE-2021-38459 | 1 Auvesy | 1 Versiondog | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
|
The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user passwords or delete the database.
|
|||||
| CVE-2021-38296 | 2 Apache, Oracle | 2 Spark, Financial Services Crime And Compliance Management Studio | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would allow someone to decrypt plaintext traffic offline. Note that this does not affect security mechanisms controlled by "spark.authenticate.enableSaslEncryption", "spark.io.encryption.enabled", "spark.ssl" ...
Show More |
|||||
| CVE-2021-35067 | 1 Meross | 2 Msg100, Msg100 Firmware | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., an attacker who sniffs a Close message can transmit an acceptable Open message).
|
|||||
| CVE-2021-31958 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
|
Windows NTLM Elevation of Privilege Vulnerability
|
|||||
| CVE-2021-27662 | 1 Johnsoncontrols | 2 Kantech Kt-1 Door Controller, Kantech Kt-1 Door Controller Firmware | 2024-11-21 | 6.8 MEDIUM | 8.6 HIGH |
|
The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. This issue affects Johnson Controls KT-1 all versions up to and including 3.01
|
|||||
| CVE-2021-27572 | 1 Remotemouse | 1 Emote Remote Mouse | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
An issue was discovered in Emote Remote Mouse through 4.0.0.0. Authentication Bypass can occur via Packet Replay. Remote unauthenticated users can execute arbitrary code via crafted UDP packets even when passwords are set.
|
|||||
| CVE-2021-26824 | 1 Dm Fingertool Project | 1 Dm Fingertool | 2024-11-21 | 5.6 MEDIUM | 7.1 HIGH |
|
DM FingerTool v1.19 in the DM PD065 Secure USB is susceptible to improper authentication by a replay attack, allowing local attackers to bypass user authentication and access all features and data on the USB.
|
|||||
| CVE-2021-25835 | 1 Chainsafe | 1 Ethermint | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still valid in ethermint with the same msg content and chainIDEpoch, which enables "cross-chain transaction replay" attack.
|
|||||
| CVE-2021-25834 | 1 Chainsafe | 1 Ethermint | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a very large nonce transaction, the attacker can replay the transaction through the application.
|
|||||
| CVE-2021-25480 | 2 Google, Qualcomm | 2 Android, Qualcomm | 2024-11-21 | 5.0 MEDIUM | 4.4 MEDIUM |
|
A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network connection.
|
|||||
| CVE-2021-22267 | 1 Hpe | 2 Nonstop, Web Viewpoint | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack for T0320L01^ABP through T0320L01^ABZ, T0952L01^AAH through T0952L01^AAR, T0986L01 through T0986L01^AAF, T0665L01^AAP, and T0662L01^AAP (L) and T0320H01^ABO through T0320H01^ABY, T0952H01^AAG through T0952H01^AAQ, T0986H01 through T0986H01^AAE, T0665H01^AAO, and T0662H01^AAO (J and H).
|
|||||
| CVE-2020-9438 | 1 Tinxy | 2 Smart Wifi Door Lock, Smart Wifi Door Lock Firmware | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a door by replaying an Unlock request that occurred when the attacker was previously authorized. In other words, door-access revocation is mishandled.
|
|||||
| CVE-2020-6972 | 1 Honeywell | 1 Notifier Webserver | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser.
|
|||||
| CVE-2020-5300 | 1 Ory | 1 Hydra | 2024-11-21 | 3.5 LOW | 5.8 MEDIUM |
|
In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId specification says the following about assertion `jti`: "A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated between the parties". Hydra does not check the uniqueness of this `jti` value. Exploitin ...
Show More |
|||||
| CVE-2020-5261 | 1 Sustainsys | 1 Saml2 | 2024-11-21 | 4.9 MEDIUM | 8.2 HIGH |
|
Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use. Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0. ...
Show More |
|||||
| CVE-2020-4042 | 1 Bareos | 1 Bareos | 2024-11-21 | 4.3 MEDIUM | 6.8 MEDIUM |
|
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to the director itself leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the directors original challenge. This is fixed in version 19.2.8.
|
|||||
| CVE-2020-35551 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to CVE-2020-13799. The Samsung ID is SVE-2020-18100 (December 2020).
|
|||||
| CVE-2020-28713 | 1 Nightowlsp | 2 Smart Doorbell, Smart Doorbell Firmware | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
|
Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker can passively record push notification events which are sent over an insecure web request. The web service does not authenticate requests, and allows attackers to send an indefinite amount of motion or doorbell events to a user's mobile application by either replaying or deliberately crafting false ...
Show More |
|||||
| CVE-2020-27374 | 1 Drtrustusa | 2 Icheck Connect Bp Monitor Bp Testing 118, Icheck Connect Bp Monitor Bp Testing 118 Firmware | 2024-11-21 | 7.9 HIGH | 7.5 HIGH |
|
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to a Replay Attack to BP Monitoring.
|
|||||
| CVE-2020-27269 | 1 Sooil | 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more | 2024-11-21 | 2.9 LOW | 5.7 MEDIUM |
|
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences via Bluetooth Low Energy.
|
|||||
| CVE-2020-27157 | 1 Veritas | 1 Aptare | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the application and gain access to the data and functionality accessible to the targeted user account.
|
|||||
| CVE-2020-26172 | 1 Tangro | 1 Business Workflow | 2024-11-21 | 6.4 MEDIUM | 4.2 MEDIUM |
|
Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token when a session is active. The JWT token does not contain an expiration timestamp.
|
|||||
| CVE-2020-25660 | 2 Fedoraproject, Redhat | 4 Fedora, Ceph, Ceph Storage and 1 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr 2 protocol is used for all commun ...
Show More |
|||||
| CVE-2020-24722 | 1 Exposure Notifications Project | 1 Exposure Notifications | 2024-11-21 | 2.6 LOW | 5.9 MEDIUM |
|
An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack. This can cause metadata deanonymization and risk-score inflation. NOTE: the vendor's position is "We do not believe that TX power authentication would be a useful defense against relay attacks.
|
|||||
| CVE-2020-23178 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user.
|
|||||