Search
Total
81 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20900 | 6 Debian, Fedoraproject, Linux and 3 more | 7 Debian Linux, Fedora, Linux Kernel and 4 more | 2024-01-12 | N/A | 7.5 HIGH |
| A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . | |||||
| CVE-2023-45794 | 1 Siemens | 1 Mendix | 2023-12-28 | N/A | 8.1 HIGH |
| A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0), Mendix Applications using Mendix 7 (All versions < V7.23.37), Mendix Applications using Mendix 8 (All versions < V8.18.27), Mendix Applications using Mendix 9 (All versions < V9.24.10). A capture-replay flaw in the platform could have an impact to apps built with the platform, if certain preconditions are met that depend on the app's model and access control design. This could allow authenticated attackers to access or modify objects without proper authorization, or escalate privileges in the context of the vulnerable app. | |||||
| CVE-2022-22936 | 1 Saltstack | 1 Salt | 2023-12-21 | 5.4 MEDIUM | 8.8 HIGH |
| An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A sufficient craft attacker could gain root access on minion under certain scenarios. | |||||
| CVE-2023-41890 | 1 Sustainsys | 1 Saml2 | 2023-12-19 | N/A | 7.5 HIGH |
| Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. Prior to versions 1.0.3 and 2.9.2, when a response is processed, the issuer of the Identity Provider is not sufficiently validated. This could allow a malicious identity provider to craft a Saml2 response that is processed as if issued by another identity provider. It is also possible for a malicious end user to cause stored state intended for one identity provider to be used when processing the response from another provider. An application is impacted if they rely on any of these features in their authentication/authorization logic: the issuer of the generated identity and claims; or items in the stored request state (AuthenticationProperties). This issue is patched in versions 2.9.2 and 1.0.3. The `AcsCommandResultCreated` notification can be used to add the validation required if an upgrade to patched packages is not possible. | |||||
| CVE-2023-1886 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-18 | N/A | 9.8 CRITICAL |
| Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | |||||
| CVE-2022-46480 | 1 U-tec | 2 Ultraloq Ul3 Bt, Ultraloq Ul3 Bt Firmware | 2023-12-08 | N/A | 8.1 HIGH |
| Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range. | |||||
| CVE-2023-39547 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2023-11-24 | N/A | 8.8 HIGH |
| CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command. | |||||
| CVE-2022-45789 | 1 Schneider-electric | 72 Ecostruxure Control Expert, Ecostruxure Process Expert, Modicon M340 Bmxp341000 and 69 more | 2023-08-09 | N/A | 9.8 CRITICAL |
| A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions) | |||||
| CVE-2021-22640 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2023-08-08 | N/A | 9.8 CRITICAL |
| An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks. | |||||
| CVE-2022-29334 | 1 H Project | 1 H | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in H v1.0 allows attackers to bypass authentication via a session replay attack. | |||||
| CVE-2021-31958 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-08-01 | 6.8 MEDIUM | 7.5 HIGH |
| Windows NTLM Elevation of Privilege Vulnerability | |||||
| CVE-2023-34625 | 1 Showmojo | 2 Mojobox, Mojobox Firmware | 2023-07-28 | N/A | 8.1 HIGH |
| ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. The implementation of the lock opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks. A malicious user is able to intercept BLE requests and replicate them to open the lock at any time. Alternatively, an attacker with physical access to the device on which the Android app is installed, can obtain the latest BLE messages via the app logs and use them for opening the lock. | |||||
| CVE-2022-29593 | 1 Dingtian-tech | 2 Dt-r004, Dt-r004 Firmware | 2022-07-29 | N/A | 5.9 MEDIUM |
| relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request. | |||||
| CVE-2021-38296 | 1 Apache | 1 Spark | 2022-07-25 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would allow someone to decrypt plaintext traffic offline. Note that this does not affect security mechanisms controlled by "spark.authenticate.enableSaslEncryption", "spark.io.encryption.enabled", "spark.ssl", "spark.ui.strictTransportSecurity". Update to Apache Spark 3.1.3 or later | |||||
| CVE-2022-33971 | 1 Omron | 104 Nj-pa3001, Nj-pa3001 Firmware, Nj-pd3001 and 101 more | 2022-07-15 | 5.4 MEDIUM | 7.5 HIGH |
| Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow an adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally to cause a denial-of-service (DoS) condition or execute a malicious program. | |||||
| CVE-2022-33208 | 1 Omron | 113 Na5-12w, Na5-12w Firmware, Na5-15w and 110 more | 2022-07-15 | 6.8 MEDIUM | 8.1 HIGH |
| Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software 'Sysmac Studio' and/or a Programmable Terminal (PT) to access the controller. | |||||
| CVE-2022-30467 | 1 Joyebike | 2 Wolf 2022, Wolf 2022 Firmware | 2022-07-13 | 4.3 MEDIUM | 6.8 MEDIUM |
| Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of service, which allows remote attackers to jam the key fob request via RF. | |||||
| CVE-2022-31277 | 1 Mi | 2 Xiaomi Lamp 1, Xiaomi Lamp 1 Firmware | 2022-06-28 | 5.8 MEDIUM | 8.8 HIGH |
| Xiaomi Lamp 1 v2.0.4_0066 was discovered to be vulnerable to replay attacks. This allows attackers to to bypass the expected access restrictions and gain control of the switch and other functions via a crafted POST request. | |||||
| CVE-2022-30466 | 1 Joybike | 2 Wolf, Wolf Firmware | 2022-06-16 | 3.3 LOW | 6.5 MEDIUM |
| joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture-replay. | |||||
| CVE-2022-31265 | 1 Wargaming | 1 World Of Warships | 2022-06-08 | 6.8 MEDIUM | 8.8 HIGH |
| The replay feature in the client in Wargaming World of Warships 0.11.4 allows remote attackers to execute code when a user launches a replay from an untrusted source. | |||||
| CVE-2022-25159 | 1 Mitsubishielectric | 32 Fx5uc, Fx5uc-32mr\/ds-ts, Fx5uc-32mr\/ds-ts Firmware and 29 more | 2022-06-02 | 6.8 MEDIUM | 8.1 HIGH |
| Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to login to the product by replay attack. | |||||
| CVE-2022-29878 | 1 Siemens | 72 7kg8500-0aa00-0aa0, 7kg8500-0aa00-0aa0 Firmware, 7kg8500-0aa00-2aa0 and 69 more | 2022-06-02 | 6.8 MEDIUM | 8.1 HIGH |
| A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices use a limited range for challenges that are sent during the unencrypted challenge-response communication. An unauthenticated attacker could capture a valid challenge-response pair generated by a legitimate user, and request the webpage repeatedly to wait for the same challenge to reappear for which the correct response is known. This could allow the attacker to access the management interface of the device. | |||||
| CVE-2022-22806 | 1 Schneider-electric | 16 Scl Series 1029 Ups, Scl Series 1029 Ups Firmware, Scl Series 1030 Ups and 13 more | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior) | |||||
| CVE-2020-12692 | 2 Canonical, Openstack | 2 Ubuntu Linux, Keystone | 2022-04-27 | 5.5 MEDIUM | 5.4 MEDIUM |
| An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times. | |||||
| CVE-2019-11856 | 1 Sierrawireless | 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more | 2022-02-09 | 5.5 MEDIUM | 3.8 LOW |
| A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials. | |||||
| CVE-2018-7790 | 1 Schneider-electric | 2 Modicon M221, Modicon M221 Firmware | 2022-02-03 | 7.5 HIGH | 9.8 CRITICAL |
| An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC. | |||||
| CVE-2021-46145 | 1 Honda | 1 Civic 2012 | 2022-01-18 | 2.9 LOW | 5.3 MEDIUM |
| The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. This is related to a non-expiring rolling code and counter resynchronization. | |||||
| CVE-2021-40170 | 1 Securitashome | 2 Securitashome Alarm System, Securitashome Alarm System Firmware | 2022-01-06 | 5.8 MEDIUM | 6.8 MEDIUM |
| An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to trigger arbitrary system functionality by replaying previously recorded signals. This lets an adversary, among other things, disarm an armed system. | |||||
| CVE-2021-41030 | 1 Fortinet | 1 Forticlient Enterprise Management Server | 2021-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages. | |||||
| CVE-2021-38459 | 1 Auvesy | 1 Versiondog | 2021-10-27 | 7.5 HIGH | 9.8 CRITICAL |
| The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user passwords or delete the database. | |||||
| CVE-2021-35067 | 1 Meross | 2 Msg100, Msg100 Firmware | 2021-10-18 | 5.5 MEDIUM | 8.1 HIGH |
| Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., an attacker who sniffs a Close message can transmit an acceptable Open message). | |||||
| CVE-2021-25480 | 2 Google, Qualcomm | 2 Android, Qualcomm | 2021-10-13 | 5.0 MEDIUM | 7.5 HIGH |
| A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network connection. | |||||
| CVE-2021-27662 | 1 Johnsoncontrols | 2 Kantech Kt-1 Door Controller, Kantech Kt-1 Door Controller Firmware | 2021-09-28 | 6.8 MEDIUM | 8.1 HIGH |
| The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. This issue affects Johnson Controls KT-1 all versions up to and including 3.01 | |||||
| CVE-2019-20626 | 1 Honda | 2 Hr-v 2017, Hr-v 2017 Firmware | 2021-09-14 | 3.3 LOW | 6.5 MEDIUM |
| The remote keyless system on Honda HR-V 2017 vehicles sends the same RF signal for each door-open request, which might allow a replay attack. | |||||
| CVE-2021-26824 | 1 Dm Fingertool Project | 1 Dm Fingertool | 2021-08-09 | 5.6 MEDIUM | 7.1 HIGH |
| DM FingerTool v1.19 in the DM PD065 Secure USB is susceptible to improper authentication by a replay attack, allowing local attackers to bypass user authentication and access all features and data on the USB. | |||||
| CVE-2020-15931 | 1 Netwrix | 1 Account Lockout Examiner | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator (that is configured within the product in its installation state) by generating a single Kerberos Pre-Authentication Failed (ID 4771) event on a Domain Controller. | |||||
| CVE-2019-18199 | 1 Fujitsu | 2 Lx390, Lx390 Firmware | 2021-07-21 | 6.9 MEDIUM | 6.6 MEDIUM |
| An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks. | |||||
| CVE-2020-23178 | 1 Php-fusion | 1 Php-fusion | 2021-07-06 | 5.5 MEDIUM | 5.4 MEDIUM |
| An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user. | |||||
| CVE-2020-13799 | 2 Linaro, Westerndigital | 7 Op-tee, Inand Cl Em132, Inand Cl Em132 Firmware and 4 more | 2021-06-29 | 4.6 MEDIUM | 6.8 MEDIUM |
| Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards bodies and is implemented by storage devices from multiple vendors to assist host systems in securing trusted firmware. Several scenarios have been identified in which the RPMB state may be affected by an attacker without the knowledge of the trusted component that uses the RPMB feature. | |||||
| CVE-2020-28713 | 1 Nightowlsp | 2 Smart Doorbell, Smart Doorbell Firmware | 2021-06-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker can passively record push notification events which are sent over an insecure web request. The web service does not authenticate requests, and allows attackers to send an indefinite amount of motion or doorbell events to a user's mobile application by either replaying or deliberately crafting false events. | |||||
| CVE-2020-25660 | 2 Fedoraproject, Redhat | 4 Fedora, Ceph, Ceph Storage and 1 more | 2021-05-28 | 5.8 MEDIUM | 8.8 HIGH |
| A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr 2 protocol is used for all communication except older clients that do not support the msgr2 protocol. The msgr1 protocol is not affected. The highest threat from this vulnerability is to confidentiality, integrity, and system availability. | |||||
| CVE-2021-27572 | 1 Remotemouse | 1 Emote Remote Mouse | 2021-05-17 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in Emote Remote Mouse through 4.0.0.0. Authentication Bypass can occur via Packet Replay. Remote unauthenticated users can execute arbitrary code via crafted UDP packets even when passwords are set. | |||||
| CVE-2020-5261 | 1 Sustainsys | 1 Saml2 | 2021-03-24 | 4.9 MEDIUM | 6.8 MEDIUM |
| Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use. Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 have a faulty implementation of Token Replay Detection. Token Replay Detection is an important defense measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 and prior versions are not affected. These versions have a correct Token Replay Implementation and are safe to use. | |||||
| CVE-2021-22267 | 1 Hpe | 2 Nonstop, Web Viewpoint | 2021-02-26 | 4.3 MEDIUM | 5.9 MEDIUM |
| Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack for T0320L01^ABP through T0320L01^ABZ, T0952L01^AAH through T0952L01^AAR, T0986L01 through T0986L01^AAF, T0665L01^AAP, and T0662L01^AAP (L) and T0320H01^ABO through T0320H01^ABY, T0952H01^AAG through T0952H01^AAQ, T0986H01 through T0986H01^AAE, T0665H01^AAO, and T0662H01^AAO (J and H). | |||||
| CVE-2021-25835 | 1 Chainsafe | 1 Ethermint | 2021-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still valid in ethermint with the same msg content and chainIDEpoch, which enables "cross-chain transaction replay" attack. | |||||
| CVE-2021-25834 | 1 Chainsafe | 1 Ethermint | 2021-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a very large nonce transaction, the attacker can replay the transaction through the application. | |||||
| CVE-2020-27269 | 1 Sooil | 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more | 2021-01-22 | 2.9 LOW | 5.7 MEDIUM |
| In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences via Bluetooth Low Energy. | |||||
| CVE-2020-26172 | 1 Tangro | 1 Business Workflow | 2020-12-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token when a session is active. The JWT token does not contain an expiration timestamp. | |||||
| CVE-2020-35551 | 1 Google | 1 Android | 2020-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to CVE-2020-13799. The Samsung ID is SVE-2020-18100 (December 2020). | |||||
| CVE-2020-14302 | 1 Redhat | 1 Keycloak | 2020-12-18 | 4.0 MEDIUM | 4.9 MEDIUM |
| A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks. | |||||