Total
135 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47930 | 1 Iofinnet | 1 Tss-lib | 2023-11-07 | N/A | 6.8 MEDIUM |
| An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session id, context, or random nonce in the generation of the challenge. This could allow a malicious user or an eavesdropper to replay a valid proof sent in the past. | |||||
| CVE-2020-9438 | 1 Tinxy | 2 Smart Wifi Door Lock, Smart Wifi Door Lock Firmware | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a door by replaying an Unlock request that occurred when the attacker was previously authorized. In other words, door-access revocation is mishandled. | |||||
| CVE-2020-25660 | 2 Fedoraproject, Redhat | 4 Fedora, Ceph, Ceph Storage and 1 more | 2023-11-07 | 5.8 MEDIUM | 8.8 HIGH |
| A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr 2 protocol is used for all communication except older clients that do not support the msgr2 protocol. The msgr1 protocol is not affected. The highest threat from this vulnerability is to confidentiality, integrity, and system availability. | |||||
| CVE-2019-20626 | 1 Honda | 2 Hr-v 2017, Hr-v 2017 Firmware | 2023-11-07 | 3.3 LOW | 6.5 MEDIUM |
| The remote keyless system on Honda HR-V 2017 vehicles sends the same RF signal for each door-open request, which might allow a replay attack. | |||||
| CVE-2023-36857 | 1 Bakerhughes | 2 Bentley Nevada 3500 System, Bentley Nevada 3500 System Firmware | 2023-10-25 | N/A | 6.5 MEDIUM |
| Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay vulnerability which could allow an attacker to replay older captured packets of traffic to the device to gain access. | |||||
| CVE-2023-39373 | 1 Hyundai | 2 Hyundai 2017, Hyundai 2017 Firmware | 2023-09-07 | N/A | 6.5 MEDIUM |
| A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay. | |||||
| CVE-2022-45789 | 1 Schneider-electric | 72 Ecostruxure Control Expert, Ecostruxure Process Expert, Modicon M340 Bmxp341000 and 69 more | 2023-08-09 | N/A | 9.8 CRITICAL |
| A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions) | |||||
| CVE-2021-22640 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2023-08-08 | N/A | 9.8 CRITICAL |
| An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks. | |||||
| CVE-2022-29334 | 1 H Project | 1 H | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in H v1.0 allows attackers to bypass authentication via a session replay attack. | |||||
| CVE-2021-31958 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-08-01 | 6.8 MEDIUM | 7.5 HIGH |
| Windows NTLM Elevation of Privilege Vulnerability | |||||
| CVE-2023-34625 | 1 Showmojo | 2 Mojobox, Mojobox Firmware | 2023-07-28 | N/A | 8.1 HIGH |
| ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. The implementation of the lock opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks. A malicious user is able to intercept BLE requests and replicate them to open the lock at any time. Alternatively, an attacker with physical access to the device on which the Android app is installed, can obtain the latest BLE messages via the app logs and use them for opening the lock. | |||||
| CVE-2022-31158 | 1 Packback | 1 Lti 1.3 Tool Library | 2023-07-24 | N/A | 7.5 HIGH |
| LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are currently no known workarounds. | |||||
| CVE-2022-48507 | 1 Huawei | 2 Emui, Harmonyos | 2023-07-12 | N/A | 7.5 HIGH |
| Vulnerability of identity verification being bypassed in the storage module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-2846 | 1 Mitsubishielectric | 300 Fx3g-14mr\/ds, Fx3g-14mr\/ds Firmware, Fx3g-14mr\/es and 297 more | 2023-07-10 | N/A | 9.1 CRITICAL |
| Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets. | |||||
| CVE-2023-34553 | 1 Wafucn | 2 Wafu Keyless Smart Lock, Wafu Keyless Smart Lock Firmware | 2023-07-03 | N/A | 6.5 MEDIUM |
| An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via code replay attack. | |||||
| CVE-2023-29158 | 1 Subnet | 1 Powersystem Center | 2023-06-29 | N/A | 9.1 CRITICAL |
| SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity. | |||||
| CVE-2023-33621 | 1 Gl-inet | 2 Gl-ar750s, Gl-ar750s Firmware | 2023-06-23 | N/A | 5.9 MEDIUM |
| GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay. | |||||
| CVE-2023-31763 | 1 Agshome Smart Alarm Project | 2 Agshome Smart Alarm, Agshome Smart Alarm Firmware | 2023-06-12 | N/A | 7.5 HIGH |
| Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to the system via a code replay attack. | |||||
| CVE-2023-31762 | 1 Mydigoo | 2 Dg-hamb, Dg-hamb Firmware | 2023-06-12 | N/A | 7.5 HIGH |
| Weak security in the transmitter of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to gain full access to the system via a code replay attack. | |||||
| CVE-2023-31761 | 1 Blitzwolf | 2 Bw-is22, Bw-is22 Firmware | 2023-06-12 | N/A | 7.5 HIGH |
| Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 allows attackers to gain full access to the system via a code replay attack. | |||||