Total
120 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-29850 | 2024-07-03 | N/A | 8.8 HIGH | ||
| Veeam Backup Enterprise Manager allows account takeover via NTLM relay. | |||||
| CVE-2023-47435 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| An issue in the verifyPassword function of hexo-theme-matery v2.0.0 allows attackers to bypass authentication and access password protected pages. | |||||
| CVE-2024-38272 | 2024-06-27 | N/A | N/A | ||
| There exists a vulnerability in Quickshare/Nearby where an attacker can bypass the accept file dialog on QuickShare Windows. Normally in QuickShare Windows app we can't send a file without the user accept from the receiving device if the visibility is set to everyone mode or contacts mode. We recommend upgrading to version 1.0.1724.0 of Quickshare or above | |||||
| CVE-2024-4009 | 1 Abb | 10 2tma310010b0001, 2tma310010b0001 Firmware, 2tma310010b0003 and 7 more | 2024-06-18 | N/A | 7.8 HIGH |
| Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to capture/replay KNX telegram to local KNX Bus-System | |||||
| CVE-2024-34065 | 2024-06-13 | N/A | 7.1 HIGH | ||
| Strapi is an open-source content management system. By combining two vulnerabilities (an `Open Redirect` and `session token sent as URL query parameter`) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click). Unauthenticated attackers can leverage two vulnerabilities to obtain an 3rd party token and the bypass authentication of Strapi apps. Users should upgrade @strapi/plugin-users-permissions to version 4.24.2 to receive a patch. | |||||
| CVE-2024-38284 | 2024-06-13 | N/A | N/A | ||
| Transmitted data is logged between the device and the backend service. An attacker could use these logs to perform a replay attack to replicate calls. | |||||
| CVE-2023-23397 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2024-05-29 | N/A | 9.8 CRITICAL |
| Microsoft Outlook Elevation of Privilege Vulnerability | |||||
| CVE-2023-33281 | 1 Nissan | 2 Sylphy Classic 2021, Sylphy Classic 2021 Firmware | 2024-05-17 | N/A | 6.5 MEDIUM |
| The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. | |||||
| CVE-2020-24722 | 1 Exposure Notifications Project | 1 Exposure Notifications | 2024-05-17 | 2.6 LOW | 5.9 MEDIUM |
| ** DISPUTED ** An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack. This can cause metadata deanonymization and risk-score inflation. NOTE: the vendor's position is "We do not believe that TX power authentication would be a useful defense against relay attacks." | |||||
| CVE-2024-29901 | 2024-04-01 | N/A | 4.8 MEDIUM | ||
| The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2. | |||||
| CVE-2023-6374 | 1 Mitsubishielectric | 2 Melsec Ws0-geth00200, Melsec Ws0-geth00200 Firmware | 2024-02-06 | N/A | 7.5 HIGH |
| Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally login to the affected module. As a result, the remote attacker who has logged in illegally may be able to disclose or tamper with the programs and parameters in the modules. | |||||
| CVE-2023-39547 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2024-02-05 | N/A | 8.8 HIGH |
| CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command. | |||||
| CVE-2023-50128 | 1 Hozard | 1 Alarm System | 2024-02-05 | N/A | 5.3 MEDIUM |
| The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state. | |||||
| CVE-2023-45794 | 1 Siemens | 1 Mendix | 2024-02-05 | N/A | 8.1 HIGH |
| A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0), Mendix Applications using Mendix 7 (All versions < V7.23.37), Mendix Applications using Mendix 8 (All versions < V8.18.27), Mendix Applications using Mendix 9 (All versions < V9.24.10). A capture-replay flaw in the platform could have an impact to apps built with the platform, if certain preconditions are met that depend on the app's model and access control design. This could allow authenticated attackers to access or modify objects without proper authorization, or escalate privileges in the context of the vulnerable app. | |||||
| CVE-2023-46892 | 1 Meross | 2 Msh30q, Msh30q Firmware | 2024-02-05 | N/A | 8.8 HIGH |
| The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to replay attacks, allowing attackers to record and replay previously captured communication to execute unauthorized commands or actions (e.g., thermostat's temperature). | |||||
| CVE-2022-46480 | 1 U-tec | 2 Ultraloq Ul3 Bt, Ultraloq Ul3 Bt Firmware | 2024-02-05 | N/A | 8.1 HIGH |
| Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range. | |||||
| CVE-2023-34625 | 1 Showmojo | 2 Mojobox, Mojobox Firmware | 2024-02-05 | N/A | 8.1 HIGH |
| ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. The implementation of the lock opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks. A malicious user is able to intercept BLE requests and replicate them to open the lock at any time. Alternatively, an attacker with physical access to the device on which the Android app is installed, can obtain the latest BLE messages via the app logs and use them for opening the lock. | |||||
| CVE-2023-41890 | 1 Sustainsys | 1 Saml2 | 2024-02-05 | N/A | 7.5 HIGH |
| Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. Prior to versions 1.0.3 and 2.9.2, when a response is processed, the issuer of the Identity Provider is not sufficiently validated. This could allow a malicious identity provider to craft a Saml2 response that is processed as if issued by another identity provider. It is also possible for a malicious end user to cause stored state intended for one identity provider to be used when processing the response from another provider. An application is impacted if they rely on any of these features in their authentication/authorization logic: the issuer of the generated identity and claims; or items in the stored request state (AuthenticationProperties). This issue is patched in versions 2.9.2 and 1.0.3. The `AcsCommandResultCreated` notification can be used to add the validation required if an upgrade to patched packages is not possible. | |||||
| CVE-2023-29158 | 1 Subnet | 1 Powersystem Center | 2024-02-04 | N/A | 9.1 CRITICAL |
| SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity. | |||||
| CVE-2023-31759 | 1 Keruistore | 2 Kerui W18, Kerui W18 Firmware | 2024-02-04 | N/A | 7.5 HIGH |
| Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack. | |||||