19 matches found
CVE-2024-31151
A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The password string can be...
CVE-2024-31151
creationtimestamp| type| source ---|---|--- 2024-10-30 15:52:06+00:00| published-proof-of-concept| https://t.me/cvedetector/9432...
LevelOne WBR-6012 hard-coded password vulnerability
Talos Vulnerability Report TALOS-2024-1979 LevelOne WBR-6012 hard-coded password vulnerability October 30, 2024 CVE Number CVE-2024-28875,CVE-2024-31151 SUMMARY A security flaw involving hard-coded credentials in LevelOne WBR-6012’s web services allows attackers to gain unauthorized access during...
Schweitzer Engineering Laboratories RTAC Improper Certificate Validation (CVE-2023-31151)
An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC Web Interface could allow a remote unauthenticated attacker to conduct a man-in-the-middle MitM attack. See SEL Service Bulletin dated 2022-11-15 for more details...
CVE-2023-31151
creationtimestamp| type| source ---|---|--- 2023-05-11 00:15:04+00:00| seen| https://t.me/cibsecurity/63851...
CVE-2023-31151 Improper Certificate Validation
An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC Web Interface could allow a remote unauthenticated attacker to conduct a man-in-the-middle MitM attack. See SEL Service Bulletin dated 2022-11-15 for more details...
CVE-2023-31151 Improper Certificate Validation
An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC Web Interface could allow a remote unauthenticated attacker to conduct a man-in-the-middle MitM attack. See SEL Service Bulletin dated 2022-11-15 for more details...
CVE-2023-31151
CVE-2023-31151 affects the Schweitzer Engineering Laboratories RTAC Web Interface and is due to improper certificate validation, enabling a remote unauthenticated attacker to perform MITM over a network. The connected Tenable OT plugin reiterates the issue and points to the SEL Service Bulletin (...
0xsodium (>=0.2.0 <=0.14.0), 1password-config (=0.0.1) +11966 more potentially affected by CVE-2022-31151 +1 more via undici (>=0.3.3 <=5.7.0)
undici NPM version =0.3.3, =0.2.0, =1.0.0, =0.2.0, =0.4.0, =0.1.0, =0.0.1, =1.0.21, =2.1.0, =2.1.0, =2.1.0, =2.1.1 and more Source cves: CVE-2022-31151, CVE-2023-45143 Source advisory: OSV:GHSA-Q768-X9M6-M9QP...
CVE-2022-31151
creationtimestamp| type| source ---|---|--- 2022-07-21 07:12:43+00:00| seen| https://t.me/cibsecurity/46725...
CVE-2022-31151
Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or...
CVE-2022-31151
Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or...
CVE-2022-31151 Uncleared cookies on cross-host/cross-origin redirect in undici
Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or...
CVE-2022-31151
Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or...
CVE-2022-31151 Uncleared cookies on cross-host/cross-origin redirect in undici
Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or...
CVE-2022-31151 Uncleared cookies on cross-host/cross-origin redirect in undici
Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or...
CVE-2022-31151
CVE-2022-31151 affects the Node.js undici HTTP client. The issue is that during cross-origin redirects, authorization headers are cleared but cookie headers are not, potentially leaking cookies to a third party if an attacker controls the redirect target. The problem was patched in undici v5.7.1,...
CVE-2021-31151
CVE-2021-31151 entry is rejected/not used and does not represent an active vulnerability entry.
CVE-2021-31151
...