Total
127 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-16242 | 1 O.bike | 3 Obike-stationless Bike Sharing, Smart Locker, Smart Locker Firmware | 2023-12-10 | 2.9 LOW | 5.3 MEDIUM |
oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol. | |||||
CVE-2018-7356 | 1 Zte | 2 Zxr10 8905e, Zxr10 8905e Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote attackers to spoof connections. | |||||
CVE-2018-17903 | 1 Sagaradio | 2 Saga1-l8b, Saga1-l8b Firmware | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery. | |||||
CVE-2018-17935 | 1 Telecrane | 22 F25-10d, F25-10d Firmware, F25-10s and 19 more | 2023-12-10 | 4.8 MEDIUM | 8.1 HIGH |
All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state. | |||||
CVE-2017-11786 | 1 Microsoft | 2 Lync, Skype For Business | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability." | |||||
CVE-2017-6823 | 1 Fiyo | 1 Fiyo Cms | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action. | |||||
CVE-2002-0054 | 1 Microsoft | 2 Exchange Server, Windows 2000 | 2023-12-10 | 7.5 HIGH | N/A |
SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials. |