Total
138 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38296 | 1 Apache | 1 Spark | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would allow someone to decrypt plaintext traffic offline. Note that this does not affect security mechanisms controlled by "spark.authenticate.enableSaslEncryption", "spark.io.encryption.enabled", "spark.ssl", "spark.ui.strictTransportSecurity". Update to Apache Spark 3.1.3 or later | |||||
| CVE-2020-27374 | 1 Drtrustusa | 2 Icheck Connect Bp Monitor Bp Testing 118, Icheck Connect Bp Monitor Bp Testing 118 Firmware | 2024-02-04 | 7.9 HIGH | 7.5 HIGH |
| Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to a Replay Attack to BP Monitoring. | |||||
| CVE-2022-30466 | 1 Joybike | 2 Wolf, Wolf Firmware | 2024-02-04 | 3.3 LOW | 6.5 MEDIUM |
| joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture-replay. | |||||
| CVE-2022-22806 | 1 Schneider-electric | 16 Scl Series 1029 Ups, Scl Series 1029 Ups Firmware, Scl Series 1030 Ups and 13 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior) | |||||
| CVE-2022-22936 | 1 Saltstack | 1 Salt | 2024-02-04 | 5.4 MEDIUM | 8.8 HIGH |
| An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A sufficient craft attacker could gain root access on minion under certain scenarios. | |||||
| CVE-2022-25838 | 1 Laravel | 1 Fortify | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
| Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept. | |||||
| CVE-2022-31277 | 1 Mi | 2 Xiaomi Lamp 1, Xiaomi Lamp 1 Firmware | 2024-02-04 | 5.8 MEDIUM | 8.8 HIGH |
| Xiaomi Lamp 1 v2.0.4_0066 was discovered to be vulnerable to replay attacks. This allows attackers to to bypass the expected access restrictions and gain control of the switch and other functions via a crafted POST request. | |||||
| CVE-2022-31265 | 1 Wargaming | 1 World Of Warships | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| The replay feature in the client in Wargaming World of Warships 0.11.4 allows remote attackers to execute code when a user launches a replay from an untrusted source. | |||||
| CVE-2022-30467 | 1 Joyebike | 2 Wolf 2022, Wolf 2022 Firmware | 2024-02-04 | 4.3 MEDIUM | 6.8 MEDIUM |
| Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of service, which allows remote attackers to jam the key fob request via RF. | |||||
| CVE-2022-27254 | 1 Honda | 2 Civic 2018, Civic 2018 Firmware | 2024-02-04 | 2.9 LOW | 5.3 MEDIUM |
| The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626. | |||||
| CVE-2021-27662 | 1 Johnsoncontrols | 2 Kantech Kt-1 Door Controller, Kantech Kt-1 Door Controller Firmware | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
| The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. This issue affects Johnson Controls KT-1 all versions up to and including 3.01 | |||||
| CVE-2021-46145 | 1 Honda | 1 Civic 2012 | 2024-02-04 | 2.9 LOW | 5.3 MEDIUM |
| The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. This is related to a non-expiring rolling code and counter resynchronization. | |||||
| CVE-2021-38459 | 1 Auvesy | 1 Versiondog | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user passwords or delete the database. | |||||
| CVE-2021-41030 | 1 Fortinet | 1 Forticlient Enterprise Management Server | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages. | |||||
| CVE-2021-25480 | 2 Google, Qualcomm | 2 Android, Qualcomm | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network connection. | |||||
| CVE-2021-40170 | 1 Securitashome | 2 Securitashome Alarm System, Securitashome Alarm System Firmware | 2024-02-04 | 5.8 MEDIUM | 6.8 MEDIUM |
| An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to trigger arbitrary system functionality by replaying previously recorded signals. This lets an adversary, among other things, disarm an armed system. | |||||
| CVE-2021-35067 | 1 Meross | 2 Msg100, Msg100 Firmware | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH |
| Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., an attacker who sniffs a Close message can transmit an acceptable Open message). | |||||
| CVE-2020-28713 | 1 Nightowlsp | 2 Smart Doorbell, Smart Doorbell Firmware | 2024-02-04 | 5.8 MEDIUM | 6.5 MEDIUM |
| Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker can passively record push notification events which are sent over an insecure web request. The web service does not authenticate requests, and allows attackers to send an indefinite amount of motion or doorbell events to a user's mobile application by either replaying or deliberately crafting false events. | |||||
| CVE-2021-26824 | 1 Dm Fingertool Project | 1 Dm Fingertool | 2024-02-04 | 5.6 MEDIUM | 7.1 HIGH |
| DM FingerTool v1.19 in the DM PD065 Secure USB is susceptible to improper authentication by a replay attack, allowing local attackers to bypass user authentication and access all features and data on the USB. | |||||
| CVE-2021-31958 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-04 | 6.8 MEDIUM | 7.5 HIGH |
| Windows NTLM Elevation of Privilege Vulnerability | |||||