Total: 160 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-9477 | 1 Google | 1 Android | 2024-12-18 | 7.8 High |
In the development options section of the Settings app, there is a possible authentication bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
CVE-2023-29158 | 1 Subnet | 1 Powersystem Center | 2024-12-09 | 6.1 Medium |
SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity. | ||||
CVE-2023-34553 | 1 Wafucn | 2 Wafu Keyless Smart Lock, Wafu Keyless Smart Lock Firmware | 2024-12-06 | 6.5 Medium |
An issue discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via code replay attack. | ||||
CVE-2023-39547 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2024-12-02 | 8.8 High |
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allow an attacker to log in to the product, who may then execute an arbitrary command. | ||||
CVE-2024-49595 | | | 2024-11-26 | 7.6 High |
Dell Wyse Management Suite, version WMS 4.4 and before, contains an Authentication Bypass by Capture-replay vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service. | ||||
CVE-2024-5249 | 1 Perforce | 1 Akana Api | 2024-11-21 | 5.4 Medium |
In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed. | ||||
CVE-2024-4009 | 1 Abb | 10 2tma310010b0001, 2tma310010b0001 Firmware, 2tma310010b0003 and 7 more | 2024-11-21 | 9.2 Critical |
Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows an attacker to capture/replay a KNX telegram to the local KNX Bus-System. | ||||
CVE-2024-3596 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2024-11-21 | 9.0 Critical |
The RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against the MD5 Response Authenticator signature. | ||||
CVE-2024-38438 | 1 Dlink | 2 Dsl-225, Dsl-225 Firmware | 2024-11-21 | 9.8 Critical |
D-Link - CWE-294: Authentication Bypass by Capture-replay | ||||
CVE-2024-38284 | 1 Motorolasolutions | 1 Vigilant Fixed Lpr Coms Box | 2024-11-21 | N/A |
Transmitted data is logged between the device and the backend service. An attacker could use these logs to perform a replay attack to replicate calls. | ||||
CVE-2024-38272 | 1 Google | 1 Nearby | 2024-11-21 | 4.3 Medium |
There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows. Normally, in the Quick Share Windows app, a file cannot be sent without the user accepting it on the receiving device if the visibility is set to everyone mode or contacts mode. We recommend upgrading to version 1.0.1724.0 of Quick Share or above. | ||||
CVE-2024-37016 | | | 2024-11-21 | 6.8 Medium |
Mengshen Wireless Door Alarm M70 2024-05-24 allows Authentication Bypass via a Capture-Replay approach. | ||||
CVE-2024-34065 | 1 Strapi | 1 Strapi | 2024-11-21 | 7.1 High |
Strapi is an open-source content management system. By combining two vulnerabilities (an `Open Redirect` and `session token sent as URL query parameter`) in @strapi/plugin-users-permissions before version 4.24.2, it is possible for an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click). Unauthenticated attackers can leverage two vulnerabilities to obtain a 3rd party token and bypass the authentication of Strapi apps. Users should upgrade @strapi/plugin-users-permissions to version 4.24.2 to receive a patch. | ||||
CVE-2024-29901 | | | 2024-11-21 | 4.8 Medium |
The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2. | ||||
CVE-2024-29851 | 1 Veeam | 1 Backup Enterprise Manager | 2024-11-21 | N/A |
Veeam Backup Enterprise Manager allows high-privileged users to steal the NTLM hash of the Enterprise Manager service account. | ||||
CVE-2024-29850 | 1 Veeam | 1 Backup Enterprise Manager | 2024-11-21 | N/A |
Veeam Backup Enterprise Manager allows account takeover via NTLM relay. | ||||
CVE-2023-6374 | 1 Mitsubishielectric | 2 Melsec Ws0-geth00200, Melsec Ws0-geth00200 Firmware | 2024-11-21 | 5.9 Medium |
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally log in to the affected module. As a result, the remote attacker who has logged in illegally may be able to disclose or tamper with the programs and parameters in the modules. | ||||
CVE-2023-50128 | 1 Hozard | 1 Alarm System | 2024-11-21 | 5.3 Medium |
The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state. | ||||
CVE-2023-49231 | 1 Stilog | 1 Visual Planning 8 | 2024-11-21 | 9.8 Critical |
An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to receive an administrative API token. | ||||
CVE-2023-47435 | | | 2024-11-21 | 9.8 Critical |
An issue in the verifyPassword function of hexo-theme-matery v2.0.0 allows attackers to bypass authentication and access password protected pages. |