Total
135 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42731 | 1 Django-mfa2 Project | 1 Django-mfa2 | 2022-10-11 | N/A | 7.5 HIGH |
| mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage. | |||||
| CVE-2022-40621 | 1 Wavlink | 2 Wn531g3, Wn531g3 Firmware | 2022-09-19 | N/A | 7.5 HIGH |
| Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed password of a logged on user and use it in a classic Pass-the-Hash style attack. | |||||
| CVE-2022-36089 | 1 Kubevela | 1 Kubevela | 2022-09-16 | N/A | 9.8 CRITICAL |
| KubeVela is an application delivery platform Users using KubeVela's VelaUX APIServer could be affected by an authentication bypass vulnerability. In KubeVela prior to versions 1.4.11 and 1.5.4, VelaUX APIServer uses the `PlatformID` as the signed key to generate the JWT tokens for users. Another API called `getSystemInfo` exposes the platformID. This vulnerability allows users to use the platformID to re-generate the JWT tokens to bypass the authentication. Versions 1.4.11 and 1.5.4 contain a patch for this issue. | |||||
| CVE-2022-37418 | 3 Hyundai, Kia, Nissan | 6 Hyundai, Hyundai Firmware, Kia and 3 more | 2022-08-31 | N/A | 6.4 MEDIUM |
| The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely. | |||||
| CVE-2022-37305 | 1 Honda | 2 Honda, Honda Firmware | 2022-08-31 | N/A | 6.4 MEDIUM |
| The Remote Keyless Entry (RKE) receiving unit on certain Honda vehicles through 2018 allows remote attackers to perform unlock operations and force a resynchronization after capturing five consecutive valid RKE signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely. | |||||
| CVE-2022-36945 | 1 Mazda | 2 Mazda, Mazda Firmware | 2022-08-31 | N/A | 6.4 MEDIUM |
| The Remote Keyless Entry (RKE) receiving unit on certain Mazda vehicles through 2020 allows remote attackers to perform unlock operations and force a resynchronization after capturing three consecutive valid key-fob signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely. | |||||
| CVE-2022-33971 | 1 Omron | 104 Nj-pa3001, Nj-pa3001 Firmware, Nj-pd3001 and 101 more | 2022-07-15 | 5.4 MEDIUM | 7.5 HIGH |
| Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow an adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally to cause a denial-of-service (DoS) condition or execute a malicious program. | |||||
| CVE-2022-33208 | 1 Omron | 113 Na5-12w, Na5-12w Firmware, Na5-15w and 110 more | 2022-07-15 | 6.8 MEDIUM | 8.1 HIGH |
| Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software 'Sysmac Studio' and/or a Programmable Terminal (PT) to access the controller. | |||||
| CVE-2022-30467 | 1 Joyebike | 2 Wolf 2022, Wolf 2022 Firmware | 2022-07-13 | 4.3 MEDIUM | 6.8 MEDIUM |
| Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of service, which allows remote attackers to jam the key fob request via RF. | |||||
| CVE-2022-31277 | 1 Mi | 2 Xiaomi Lamp 1, Xiaomi Lamp 1 Firmware | 2022-06-28 | 5.8 MEDIUM | 8.8 HIGH |
| Xiaomi Lamp 1 v2.0.4_0066 was discovered to be vulnerable to replay attacks. This allows attackers to to bypass the expected access restrictions and gain control of the switch and other functions via a crafted POST request. | |||||
| CVE-2022-30466 | 1 Joybike | 2 Wolf, Wolf Firmware | 2022-06-16 | 3.3 LOW | 6.5 MEDIUM |
| joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture-replay. | |||||
| CVE-2022-31265 | 1 Wargaming | 1 World Of Warships | 2022-06-08 | 6.8 MEDIUM | 8.8 HIGH |
| The replay feature in the client in Wargaming World of Warships 0.11.4 allows remote attackers to execute code when a user launches a replay from an untrusted source. | |||||
| CVE-2022-25159 | 1 Mitsubishielectric | 32 Fx5uc, Fx5uc-32mr\/ds-ts, Fx5uc-32mr\/ds-ts Firmware and 29 more | 2022-06-02 | 6.8 MEDIUM | 8.1 HIGH |
| Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to login to the product by replay attack. | |||||
| CVE-2022-29878 | 1 Siemens | 72 7kg8500-0aa00-0aa0, 7kg8500-0aa00-0aa0 Firmware, 7kg8500-0aa00-2aa0 and 69 more | 2022-06-02 | 6.8 MEDIUM | 8.1 HIGH |
| A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices use a limited range for challenges that are sent during the unencrypted challenge-response communication. An unauthenticated attacker could capture a valid challenge-response pair generated by a legitimate user, and request the webpage repeatedly to wait for the same challenge to reappear for which the correct response is known. This could allow the attacker to access the management interface of the device. | |||||
| CVE-2022-22806 | 1 Schneider-electric | 16 Scl Series 1029 Ups, Scl Series 1029 Ups Firmware, Scl Series 1030 Ups and 13 more | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior) | |||||
| CVE-2020-12692 | 2 Canonical, Openstack | 2 Ubuntu Linux, Keystone | 2022-04-27 | 5.5 MEDIUM | 5.4 MEDIUM |
| An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times. | |||||
| CVE-2020-27374 | 1 Drtrustusa | 2 Icheck Connect Bp Monitor Bp Testing 118, Icheck Connect Bp Monitor Bp Testing 118 Firmware | 2022-04-14 | 7.9 HIGH | 7.5 HIGH |
| Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to a Replay Attack to BP Monitoring. | |||||
| CVE-2022-27254 | 1 Honda | 2 Civic 2018, Civic 2018 Firmware | 2022-03-31 | 2.9 LOW | 5.3 MEDIUM |
| The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626. | |||||
| CVE-2021-39364 | 1 Honeywell | 4 Hbw2per1, Hbw2per1 Firmware, Hdzp252di and 1 more | 2022-03-09 | 5.0 MEDIUM | 7.5 HIGH |
| Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for camera control) after ARP cache poisoning has been achieved. | |||||
| CVE-2022-25838 | 1 Laravel | 1 Fortify | 2022-03-08 | 6.8 MEDIUM | 8.1 HIGH |
| Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept. | |||||