Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-294
Total 101 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-28713 1 Nightowlsp 2 Smart Doorbell, Smart Doorbell Firmware 2021-06-21 5.8 MEDIUM 6.5 MEDIUM
Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker can passively record push notification events which are sent over an insecure web request. The web service does not authenticate requests, and allows attackers to send an indefinite amount of motion or doorbell events to a user's mobile application by either replaying or deliberately crafting false events.
CVE-2020-25660 2 Fedoraproject, Redhat 4 Fedora, Ceph, Ceph Storage and 1 more 2021-05-28 5.8 MEDIUM 8.8 HIGH
A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr 2 protocol is used for all communication except older clients that do not support the msgr2 protocol. The msgr1 protocol is not affected. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.
CVE-2021-27572 1 Remotemouse 1 Emote Remote Mouse 2021-05-17 6.8 MEDIUM 8.1 HIGH
An issue was discovered in Emote Remote Mouse through 4.0.0.0. Authentication Bypass can occur via Packet Replay. Remote unauthenticated users can execute arbitrary code via crafted UDP packets even when passwords are set.
CVE-2020-5261 1 Sustainsys 1 Saml2 2021-03-24 4.9 MEDIUM 6.8 MEDIUM
Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use. Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 have a faulty implementation of Token Replay Detection. Token Replay Detection is an important defense measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 and prior versions are not affected. These versions have a correct Token Replay Implementation and are safe to use.
CVE-2021-22267 1 Hpe 2 Nonstop, Web Viewpoint 2021-02-26 4.3 MEDIUM 5.9 MEDIUM
Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack for T0320L01^ABP through T0320L01^ABZ, T0952L01^AAH through T0952L01^AAR, T0986L01 through T0986L01^AAF, T0665L01^AAP, and T0662L01^AAP (L) and T0320H01^ABO through T0320H01^ABY, T0952H01^AAG through T0952H01^AAQ, T0986H01 through T0986H01^AAE, T0665H01^AAO, and T0662H01^AAO (J and H).
CVE-2021-25835 1 Chainsafe 1 Ethermint 2021-02-12 5.0 MEDIUM 7.5 HIGH
Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still valid in ethermint with the same msg content and chainIDEpoch, which enables "cross-chain transaction replay" attack.
CVE-2021-25834 1 Chainsafe 1 Ethermint 2021-02-12 5.0 MEDIUM 7.5 HIGH
Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a very large nonce transaction, the attacker can replay the transaction through the application.
CVE-2020-27269 1 Sooil 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more 2021-01-22 2.9 LOW 5.7 MEDIUM
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences via Bluetooth Low Energy.
CVE-2020-26172 1 Tangro 1 Business Workflow 2020-12-21 6.4 MEDIUM 6.5 MEDIUM
Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token when a session is active. The JWT token does not contain an expiration timestamp.
CVE-2020-35551 1 Google 1 Android 2020-12-18 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to CVE-2020-13799. The Samsung ID is SVE-2020-18100 (December 2020).
CVE-2020-14302 1 Redhat 1 Keycloak 2020-12-18 4.0 MEDIUM 4.9 MEDIUM
A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks.
CVE-2020-12355 1 Intel 1 Trusted Execution Engine 2020-11-24 4.6 MEDIUM 6.8 MEDIUM
Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R) TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
CVE-2018-19025 1 Juuko 2 K-808, K-808 Firmware 2020-11-12 10.0 HIGH 9.8 CRITICAL
In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.).
CVE-2018-17932 1 Juuko 2 K-800, K-800 Firmware 2020-11-12 10.0 HIGH 9.8 CRITICAL
JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.) is vulnerable to a replay attack and command forgery, which could allow attackers to replay commands, control the device, view commands, or cause the device to stop running.
CVE-2020-24722 1 Exposure Notifications Project 1 Exposure Notifications 2020-10-22 2.6 LOW 5.9 MEDIUM
** DISPUTED ** An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack. This can cause metadata deanonymization and risk-score inflation. NOTE: the vendor's position is "We do not believe that TX power authentication would be a useful defense against relay attacks."
CVE-2020-27157 1 Veritas 1 Aptare 2020-10-20 6.8 MEDIUM 8.1 HIGH
Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the application and gain access to the data and functionality accessible to the targeted user account.
CVE-2019-18226 1 Honeywell 128 H2w2gr1, H2w2gr1 Firmware, H2w2pc1m and 125 more 2020-09-28 7.5 HIGH 9.8 CRITICAL
Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products.
CVE-2018-17935 1 Telecrane 22 F25-10d, F25-10d Firmware, F25-10s and 19 more 2020-09-18 4.8 MEDIUM 8.1 HIGH
All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state.
CVE-2018-17903 1 Sagaradio 2 Saga1-l8b, Saga1-l8b Firmware 2020-09-18 6.4 MEDIUM 9.1 CRITICAL
SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery.
CVE-2019-12887 1 Keyidentity 1 Linotp 2020-08-24 6.8 MEDIUM 8.1 HIGH
KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 of 2).