Search Results (212 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17932 | 1 Juuko | 2 K-800, K-800 Firmware | 2024-11-21 | 9.8 Critical |
| JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.) is vulnerable to a replay attack and command forgery, which could allow attackers to replay commands, control the device, view commands, or cause the device to stop running. | ||||
| CVE-2018-17903 | 1 Sagaradio | 2 Saga1-l8b, Saga1-l8b Firmware | 2024-11-21 | 9.1 Critical |
| SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery. | ||||
| CVE-2018-17176 | 1 Neatorobotics | 6 Botvac D4 Connected, Botvac D4 Connected Firmware, Botvac D6 Connected and 3 more | 2024-11-21 | N/A |
| A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all. | ||||
| CVE-2018-16242 | 1 O.bike | 3 Obike-stationless Bike Sharing, Smart Locker, Smart Locker Firmware | 2024-11-21 | N/A |
| oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol. | ||||
| CVE-2018-15498 | 1 Ysoft | 2 Safeq Server, Safeq Server Client | 2024-11-21 | N/A |
| YSoft SafeQ Server 6 allows a replay attack. | ||||
| CVE-2018-13789 | 1 Descor | 1 Infocad Fm | 2024-11-21 | N/A |
| An issue was discovered in Descor Infocad FM before 3.1.0.0. An unauthenticated web service allows the retrieval of files on the web server and on reachable SMB servers. | ||||
| CVE-2017-5251 | 1 Insteon | 2 Insteon Hub, Insteon Hub Firmware | 2024-11-21 | N/A |
| In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted. | ||||
| CVE-2013-1351 | 1 Veraxsystems | 1 Network Management System | 2024-11-21 | 5.9 Medium |
| Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password. | ||||
| CVE-2024-36250 | 1 Mattermost | 1 Mattermost Server | 2024-11-14 | 3.1 Low |
| Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the MFA code against replay attacks, which allows an attacker to reuse the MFA code within ~30 seconds. | ||||
| CVE-2024-22066 | 1 Zte | 8 Zxr10 160, Zxr10 160 Firmware, Zxr10 1800-2s and 5 more | 2024-11-08 | 7.5 High |
| There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router. An authenticated attacker could use the vulnerability to obtain sensitive information about the device. | ||||
| CVE-2024-3982 | 2 Hitachi, Hitachienergy | 2 Microscada X Sys600, Microscada X Sys600 | 2024-10-30 | 8.2 High |
| An attacker with local access to the machine where MicroSCADA X SYS600 is installed could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level is not enabled and only users with administrator rights can enable it. | ||||
| CVE-2024-8260 | 3 Microsoft, Openpolicyagent, Redhat | 3 Windows, Open Policy Agent, Openshift Distributed Tracing | 2024-09-19 | 6.1 Medium |
| An SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s functions. | ||||