Total: 135 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6972 | 1 Honeywell | 1 Notifier Webserver | 2020-03-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser. | |||||
| CVE-2020-10185 | 1 Yubico | 1 Yubikey One Time Password Validation Server | 2020-03-12 | 6.8 MEDIUM | 8.6 HIGH |
| The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT affect YubiCloud. | |||||
| CVE-2013-1351 | 1 Veraxsystems | 1 Network Management System | 2020-02-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password. | |||||
| CVE-2019-13533 | 1 Omron | 2 Plc Cj Firmware, Plc Cs Firmware | 2020-01-02 | 6.8 MEDIUM | 8.1 HIGH |
| In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves. | |||||
| CVE-2019-12393 | 1 Anviz | 1 Management System | 2019-12-12 | 5.0 MEDIUM | 7.5 HIGH |
| Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests. | |||||
| CVE-2018-7356 | 1 Zte | 2 Zxr10 8905e, Zxr10 8905e Firmware | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote attackers to spoof connections. | |||||
| CVE-2018-19023 | 1 Hetronic | 10 Bms-hl, Bms-hl Firmware, Dc Mobile and 7 more | 2019-10-09 | 5.8 MEDIUM | 8.8 HIGH |
| Hetronic Nova-M prior to version r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state. | |||||
| CVE-2018-14781 | 1 Medtronicdiabetes | 18 508 Minimed Insulin Pump, 508 Minimed Insulin Pump Firmware, 522 Paradigm Real-time and 15 more | 2019-10-09 | 2.9 LOW | 5.3 MEDIUM |
| Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G. The models identified above, when paired with a remote controller and having the "easy bolus" and "remote bolus" options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery. | |||||
| CVE-2017-6034 | 1 Schneider-electric | 2 Modbus, Modbus Firmware | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download. | |||||
| CVE-2017-5251 | 1 Insteon | 2 Insteon Hub, Insteon Hub Firmware | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted. | |||||
| CVE-2018-13789 | 1 Descor | 1 Infocad Fm | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Descor Infocad FM before 3.1.0.0. An unauthenticated web service allows the retrieval of files on the web server and on reachable SMB servers. | |||||
| CVE-2017-6823 | 1 Fiyo | 1 Fiyo Cms | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action. | |||||
| CVE-2018-15498 | 1 Ysoft | 2 Safeq Server, Safeq Server Client | 2019-10-03 | 6.8 MEDIUM | 8.1 HIGH |
| YSoft SafeQ Server 6 allows a replay attack. | |||||
| CVE-2017-11786 | 1 Microsoft | 2 Lync, Skype For Business | 2019-10-03 | 9.3 HIGH | 8.8 HIGH |
| Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability." | |||||
| CVE-2018-16242 | 1 O.bike | 3 Obike-stationless Bike Sharing, Smart Locker, Smart Locker Firmware | 2019-10-03 | 2.9 LOW | 5.3 MEDIUM |
| oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol. | |||||
