CWE-294 vulnerabilities
150 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2017-3191 | — | D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A r | 62.5% |
| CVE-2023-49231 | CRITICAL | An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to receive an administra | 42.9% |
| CVE-2022-22806 | — | A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a mal | 12.3% |
| CVE-2022-29593 | MEDIUM | relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need | 10.4% |
| CVE-2017-6034 | CRITICAL | Schneider Electric Modicon Modbus Protocol Authentication Bypass by Capture-replay | 5.1% |
| CVE-2018-7790 | CRITICAL | An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to fir | 2.5% |
| CVE-2022-43704 | MEDIUM | The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass the intended requirement to communicate us | 1.9% |
| CVE-2021-38296 | — | Apache Spark Key Negotiation Vulnerability | 1.8% |
| CVE-2018-17903 | — | SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery. | 1.6% |
| CVE-2018-17932 | — | JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.) is vulnerable to a replay attack and command forgery, whic | 1.5% |
| CVE-2018-19025 | — | In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 (Firmware | 1.5% |
| CVE-2022-45789 | HIGH | A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the c | 1.4% |
| CVE-2018-1128 | — | It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker havi | 1.4% |
| CVE-2019-18226 | — | Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and | 1.4% |
| CVE-2020-6972 | — | In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay at | 1.3% |
| CVE-2020-5261 | HIGH | Missing Token Replay Detection | 1.2% |
| CVE-2022-41541 | HIGH | TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and | 1.1% |
| CVE-2020-10045 | — | A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An error | 1.1% |
| CVE-2023-30909 | CRITICAL | A remote authentication bypass issue exists in some OneView APIs. | 1.1% |
| CVE-2020-5300 | MEDIUM | Disallow replay of `private_key_jwt` by blacklisting JTIs in Hydra | 1.0% |