Total
197 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15688 | 1 Embedthis | 1 Goahead | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel.
|
|||||
| CVE-2020-14302 | 1 Redhat | 1 Keycloak | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks.
|
|||||
| CVE-2020-13799 | 2 Linaro, Westerndigital | 7 Op-tee, Inand Cl Em132, Inand Cl Em132 Firmware and 4 more | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
|
Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards bodies and is implemented by storage devices from multiple vendors to assist host systems in securing trusted firmware. Several scenarios have been identified in which the RPMB state may be affected by an attacker without the ...
Show More |
|||||
| CVE-2020-12692 | 2 Canonical, Openstack | 2 Ubuntu Linux, Keystone | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.
|
|||||
| CVE-2020-10185 | 1 Yubico | 1 Yubikey One Time Password Validation Server | 2024-11-21 | 6.8 MEDIUM | 8.6 HIGH |
|
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT affect YubiCloud.
|
|||||
| CVE-2020-10045 | 1 Siemens | 6 Sicam Mmu, Sicam Mmu Firmware, Sicam Sgu and 3 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An error in the challenge-response procedure could allow an attacker to replay authentication traffic and gain access to protected areas of the web application.
|
|||||
| CVE-2019-9659 | 2 Chuango, Eminent | 22 A11 Pstn\/lcd\/rfid Touch Alarm System, A11 Pstn\/lcd\/rfid Touch Alarm System Firmware, A8 Pstn Alarm System and 19 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System.
|
|||||
| CVE-2019-9158 | 1 Gemalto | 1 Ezio Ds3 Server | 2024-11-21 | 2.7 LOW | 5.7 MEDIUM |
|
Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control.
|
|||||
| CVE-2019-5307 | 1 Huawei | 4 P30, P30 Firmware, P30 Pro and 1 more | 2024-11-21 | 4.3 MEDIUM | 4.2 MEDIUM |
|
Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT. As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions to tampe ...
Show More |
|||||
| CVE-2019-3915 | 1 Verizon | 2 Fios Quantum Gateway G1100, Fios Quantum Gateway G1100 Firmware | 2024-11-21 | 5.4 MEDIUM | 7.5 HIGH |
|
Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface.
|
|||||
| CVE-2019-20626 | 1 Honda | 2 Hr-v 2017, Hr-v 2017 Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
The remote keyless system on Honda HR-V 2017 vehicles sends the same RF signal for each door-open request, which might allow a replay attack.
|
|||||
| CVE-2019-18226 | 1 Honeywell | 128 H2w2gr1, H2w2gr1 Firmware, H2w2pc1m and 125 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products.
|
|||||
| CVE-2019-13533 | 1 Omron | 2 Plc Cj Firmware, Plc Cs Firmware | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves.
|
|||||
| CVE-2019-12887 | 1 Keyidentity | 1 Linotp | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 of 2).
|
|||||
| CVE-2019-12393 | 1 Anviz | 1 Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests.
|
|||||
| CVE-2019-11856 | 1 Sierrawireless | 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more | 2024-11-21 | 5.5 MEDIUM | 3.3 LOW |
|
A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials.
|
|||||
| CVE-2019-11334 | 1 Tzumi | 3 Klic Lock, Klic Smart Padlock Model 5686, Klic Smart Padlock Model 5686 Firmware | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
|
An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources (that are not otherwise accessible without proper authentication) via capture-replay. Physically proximate attackers can use this information to unlock unauthorized Tzumi Electronics Klic Smart Padlock Model 5686 Firmware 6.2.
|
|||||
| CVE-2018-7790 | 1 Schneider-electric | 2 Modicon M221, Modicon M221 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC.
|
|||||
| CVE-2018-7356 | 1 Zte | 2 Zxr10 8905e, Zxr10 8905e Firmware | 2024-11-21 | 5.0 MEDIUM | 5.6 MEDIUM |
|
All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote attackers to spoof connections.
|
|||||
| CVE-2018-1128 | 3 Debian, Opensuse, Redhat | 10 Debian Linux, Leap, Ceph and 7 more | 2024-11-21 | 5.4 MEDIUM | 7.5 HIGH |
|
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
|
|||||
| CVE-2018-19025 | 1 Juuko | 2 K-808, K-808 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.).
|
|||||
| CVE-2018-19023 | 1 Hetronic | 10 Bms-hl, Bms-hl Firmware, Dc Mobile and 7 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state.
|
|||||
| CVE-2018-17935 | 1 Telecrane | 22 F25-10d, F25-10d Firmware, F25-10s and 19 more | 2024-11-21 | 4.8 MEDIUM | 8.1 HIGH |
|
All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state.
|
|||||
| CVE-2018-17932 | 1 Juuko | 2 K-800, K-800 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.) is vulnerable to a replay attack and command forgery, which could allow attackers to replay commands, control the device, view commands, or cause the device to stop running.
|
|||||
| CVE-2018-17903 | 1 Sagaradio | 2 Saga1-l8b, Saga1-l8b Firmware | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery.
|
|||||
| CVE-2018-17176 | 1 Neatorobotics | 6 Botvac D4 Connected, Botvac D4 Connected Firmware, Botvac D6 Connected and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all.
|
|||||
| CVE-2018-16242 | 1 O.bike | 3 Obike-stationless Bike Sharing, Smart Locker, Smart Locker Firmware | 2024-11-21 | 2.9 LOW | 5.3 MEDIUM |
|
oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol.
|
|||||
| CVE-2018-15498 | 1 Ysoft | 2 Safeq Server, Safeq Server Client | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
YSoft SafeQ Server 6 allows a replay attack.
|
|||||
| CVE-2018-13789 | 1 Descor | 1 Infocad Fm | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Descor Infocad FM before 3.1.0.0. An unauthenticated web service allows the retrieval of files on the web server and on reachable SMB servers.
|
|||||
| CVE-2017-5251 | 1 Insteon | 2 Insteon Hub, Insteon Hub Firmware | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted.
|
|||||
| CVE-2013-1351 | 1 Veraxsystems | 1 Network Management System | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password.
|
|||||
| CVE-2024-36250 | 1 Mattermost | 1 Mattermost Server | 2024-11-14 | N/A | 4.8 MEDIUM |
|
Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the mfa code against replay attacks, which allows an attacker to reuse the MFA code within ~30 seconds
|
|||||
| CVE-2024-22066 | 1 Zte | 8 Zxr10 160, Zxr10 160 Firmware, Zxr10 1800-2s and 5 more | 2024-11-08 | N/A | 6.5 MEDIUM |
|
There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device.
|
|||||
| CVE-2024-3982 | 1 Hitachienergy | 1 Microscada X Sys600 | 2024-10-30 | N/A | 8.2 HIGH |
|
An attacker with local access to machine where MicroSCADA X
SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level
is not enabled and only users with administrator rights can enable it.
|
|||||
| CVE-2024-46041 | 2024-10-07 | N/A | 8.8 HIGH | ||
|
IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay.
|
|||||
| CVE-2024-8260 | 2 Microsoft, Openpolicyagent | 2 Windows, Open Policy Agent | 2024-09-19 | N/A | 7.3 HIGH |
|
A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s functions.
|
|||||
| CVE-2024-43099 | 2024-09-14 | N/A | 8.8 HIGH | ||
|
The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into an ongoing authenticated session. To successfully achieve this, the attacker also needs to spoof both the IP address and MAC address of the originating host which is typical of a session-based attack.
|
|||||