Total
127 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-26824 | 1 Dm Fingertool Project | 1 Dm Fingertool | 2023-12-10 | 5.6 MEDIUM | 7.1 HIGH |
DM FingerTool v1.19 in the DM PD065 Secure USB is susceptible to improper authentication by a replay attack, allowing local attackers to bypass user authentication and access all features and data on the USB. | |||||
CVE-2020-35551 | 1 Google | 1 Android | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to CVE-2020-13799. The Samsung ID is SVE-2020-18100 (December 2020). | |||||
CVE-2020-25660 | 2 Fedoraproject, Redhat | 4 Fedora, Ceph, Ceph Storage and 1 more | 2023-12-10 | 5.8 MEDIUM | 8.8 HIGH |
A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr 2 protocol is used for all communication except older clients that do not support the msgr2 protocol. The msgr1 protocol is not affected. The highest threat from this vulnerability is to confidentiality, integrity, and system availability. | |||||
CVE-2020-26172 | 1 Tangro | 1 Business Workflow | 2023-12-10 | 6.4 MEDIUM | 6.5 MEDIUM |
Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token when a session is active. The JWT token does not contain an expiration timestamp. | |||||
CVE-2020-15931 | 1 Netwrix | 1 Account Lockout Examiner | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator (that is configured within the product in its installation state) by generating a single Kerberos Pre-Authentication Failed (ID 4771) event on a Domain Controller. | |||||
CVE-2020-27157 | 1 Veritas | 1 Aptare | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the application and gain access to the data and functionality accessible to the targeted user account. | |||||
CVE-2020-13799 | 2 Linaro, Westerndigital | 7 Op-tee, Inand Cl Em132, Inand Cl Em132 Firmware and 4 more | 2023-12-10 | 4.6 MEDIUM | 6.8 MEDIUM |
Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards bodies and is implemented by storage devices from multiple vendors to assist host systems in securing trusted firmware. Several scenarios have been identified in which the RPMB state may be affected by an attacker without the knowledge of the trusted component that uses the RPMB feature. | |||||
CVE-2020-12355 | 1 Intel | 1 Trusted Execution Engine | 2023-12-10 | 4.6 MEDIUM | 6.8 MEDIUM |
Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R) TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
CVE-2018-19025 | 1 Juuko | 2 K-808, K-808 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.). | |||||
CVE-2018-17932 | 1 Juuko | 2 K-800, K-800 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.) is vulnerable to a replay attack and command forgery, which could allow attackers to replay commands, control the device, view commands, or cause the device to stop running. | |||||
CVE-2021-25835 | 1 Chainsafe | 1 Ethermint | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still valid in ethermint with the same msg content and chainIDEpoch, which enables "cross-chain transaction replay" attack. | |||||
CVE-2020-14302 | 1 Redhat | 1 Keycloak | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks. | |||||
CVE-2021-25834 | 1 Chainsafe | 1 Ethermint | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a very large nonce transaction, the attacker can replay the transaction through the application. | |||||
CVE-2020-27269 | 1 Sooil | 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more | 2023-12-10 | 2.9 LOW | 5.7 MEDIUM |
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences via Bluetooth Low Energy. | |||||
CVE-2021-22267 | 1 Hpe | 2 Nonstop, Web Viewpoint | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack for T0320L01^ABP through T0320L01^ABZ, T0952L01^AAH through T0952L01^AAR, T0986L01 through T0986L01^AAF, T0665L01^AAP, and T0662L01^AAP (L) and T0320H01^ABO through T0320H01^ABY, T0952H01^AAG through T0952H01^AAQ, T0986H01 through T0986H01^AAE, T0665H01^AAO, and T0662H01^AAO (J and H). | |||||
CVE-2020-5300 | 1 Ory | 1 Hydra | 2023-12-10 | 3.5 LOW | 5.3 MEDIUM |
In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId specification says the following about assertion `jti`: "A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated between the parties". Hydra does not check the uniqueness of this `jti` value. Exploiting this vulnerability is somewhat difficult because: - TLS protects against MITM which makes it difficult to intercept valid tokens for replay attacks - The expiry time of the JWT gives only a short window of opportunity where it could be replayed This has been patched in version v1.4.0+oryOS.17 | |||||
CVE-2020-15688 | 1 Embedthis | 1 Goahead | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel. | |||||
CVE-2019-11856 | 1 Sierrawireless | 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more | 2023-12-10 | 5.5 MEDIUM | 3.8 LOW |
A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials. | |||||
CVE-2020-5261 | 1 Sustainsys | 1 Saml2 | 2023-12-10 | 4.9 MEDIUM | 6.8 MEDIUM |
Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use. Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 have a faulty implementation of Token Replay Detection. Token Replay Detection is an important defense measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 and prior versions are not affected. These versions have a correct Token Replay Implementation and are safe to use. | |||||
CVE-2020-6972 | 1 Honeywell | 1 Notifier Webserver | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser. |