Vulnerabilities (CVE)

Filtered by CWE-294
Total 126 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-33281 1 Nissan 2 Sylphy Classic 2021, Sylphy Classic 2021 Firmware 2024-03-21 N/A 6.5 MEDIUM
The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. NOTE: the vendor's position is that this cannot be reproduced with genuine Nissan parts: for example, the combination of keyfob and door handle shown in the exploit demonstration does not match any technology that Nissan provides to customers.
CVE-2020-24722 1 Exposure Notifications Project 1 Exposure Notifications 2024-03-21 2.6 LOW 5.9 MEDIUM
An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack. This can cause metadata deanonymization and risk-score inflation. NOTE: the vendor's position is "We do not believe that TX power authentication would be a useful defense against relay attacks."
CVE-2023-6374 1 Mitsubishielectric 2 Melsec Ws0-geth00200, Melsec Ws0-geth00200 Firmware 2024-02-06 N/A 7.5 HIGH
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally login to the affected module. As a result, the remote attacker who has logged in illegally may be able to disclose or tamper with the programs and parameters in the modules.
CVE-2023-46892 1 Meross 2 Msh30q, Msh30q Firmware 2024-01-29 N/A 8.8 HIGH
The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to replay attacks, allowing attackers to record and replay previously captured communication to execute unauthorized commands or actions (e.g., thermostat's temperature).
CVE-2023-50128 1 Hozard 1 Alarm System 2024-01-19 N/A 5.3 MEDIUM
The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state.
CVE-2022-46480 1 U-tec 2 Ultraloq Ul3 Bt, Ultraloq Ul3 Bt Firmware 2024-01-16 N/A 8.1 HIGH
Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range.
CVE-2023-20900 6 Debian, Fedoraproject, Linux and 3 more 7 Debian Linux, Fedora, Linux Kernel and 4 more 2024-01-12 N/A 7.5 HIGH
A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias (https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html).
CVE-2022-22936 1 Saltstack 1 Salt 2023-12-21 5.4 MEDIUM 8.8 HIGH
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes, causing minions to run old jobs. File server replies can also be replayed. A sufficiently crafty attacker could gain root access on a minion under certain scenarios.
CVE-2023-41890 1 Sustainsys 1 Saml2 2023-12-19 N/A 7.5 HIGH
The Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. Prior to versions 1.0.3 and 2.9.2, when a response is processed, the issuer of the Identity Provider is not sufficiently validated. This could allow a malicious identity provider to craft a Saml2 response that is processed as if issued by another identity provider. It is also possible for a malicious end user to cause stored state intended for one identity provider to be used when processing the response from another provider. An application is impacted if it relies on any of these features in its authentication/authorization logic: the issuer of the generated identity and claims; or items in the stored request state (AuthenticationProperties). This issue is patched in versions 2.9.2 and 1.0.3. The `AcsCommandResultCreated` notification can be used to add the validation required if an upgrade to patched packages is not possible.
CVE-2023-1886 1 Phpmyfaq 1 Phpmyfaq 2023-12-18 N/A 9.8 CRITICAL
Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-39547 1 Nec 2 Expresscluster X, Expresscluster X Singleserversafe 2023-12-10 N/A 8.8 HIGH
CLUSTERPRO X Ver5.1 and earlier, EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, and EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allow an attacker to log in to the product and potentially execute an arbitrary command.
CVE-2023-34625 1 Showmojo 2 Mojobox, Mojobox Firmware 2023-12-10 N/A 8.1 HIGH
ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. The implementation of the lock opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks. A malicious user is able to intercept BLE requests and replicate them to open the lock at any time. Alternatively, an attacker with physical access to the device on which the Android app is installed, can obtain the latest BLE messages via the app logs and use them for opening the lock.
CVE-2023-36857 1 Bakerhughes 2 Bentley Nevada 3500 System, Bentley Nevada 3500 System Firmware 2023-12-10 N/A 6.5 MEDIUM
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay vulnerability which could allow an attacker to replay older captured packets of traffic to the device to gain access.
CVE-2023-39373 1 Hyundai 2 Hyundai 2017, Hyundai 2017 Firmware 2023-12-10 N/A 6.5 MEDIUM
A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay.
CVE-2023-2846 1 Mitsubishielectric 300 Fx3g-14mr/ds, Fx3g-14mr/ds Firmware, Fx3g-14mr/es and 297 more 2023-12-10 N/A 9.1 CRITICAL
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets.
CVE-2022-48507 1 Huawei 2 Emui, Harmonyos 2023-12-10 N/A 7.5 HIGH
Vulnerability of identity verification being bypassed in the storage module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-1537 1 Answer 1 Answer 2023-12-10 N/A 9.8 CRITICAL
Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6.
CVE-2022-47930 1 Iofinnet 1 Tss-lib 2023-12-10 N/A 6.8 MEDIUM
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session id, context, or random nonce in the generation of the challenge. This could allow a malicious user or an eavesdropper to replay a valid proof sent in the past.
CVE-2023-33621 1 Gl-inet 2 Gl-ar750s, Gl-ar750s Firmware 2023-12-10 N/A 5.9 MEDIUM
GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay.
CVE-2023-31763 1 Agshome Smart Alarm Project 2 Agshome Smart Alarm, Agshome Smart Alarm Firmware 2023-12-10 N/A 7.5 HIGH
Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to the system via a code replay attack.