Lucene search
K

19 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 12:31 a.m.9 views

CVE-2024-31151

A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The password string can be...

9.8CVSS9.7AI score0.00719EPSS
Exploits0
Circl
Circl
added 2024/10/30 3:52 p.m.3 views

CVE-2024-31151

creationtimestamp| type| source ---|---|--- 2024-10-30 15:52:06+00:00| published-proof-of-concept| https://t.me/cvedetector/9432...

9.8CVSS4.8AI score0.00719EPSS
Exploits0References1
Talos
Talos
added 2024/10/30 12:0 a.m.21 views

LevelOne WBR-6012 hard-coded password vulnerability

Talos Vulnerability Report TALOS-2024-1979 LevelOne WBR-6012 hard-coded password vulnerability October 30, 2024 CVE Number CVE-2024-28875,CVE-2024-31151 SUMMARY A security flaw involving hard-coded credentials in LevelOne WBR-6012’s web services allows attackers to gain unauthorized access during...

9.8CVSS8.7AI score0.00719EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/06/05 12:0 a.m.16 views

Schweitzer Engineering Laboratories RTAC Improper Certificate Validation (CVE-2023-31151)

An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC Web Interface could allow a remote unauthenticated attacker to conduct a man-in-the-middle MitM attack. See SEL Service Bulletin dated 2022-11-15 for more details...

4.7CVSS5.2AI score0.00246EPSS
Exploits0References3
Circl
Circl
added 2023/05/11 12:15 a.m.6 views

CVE-2023-31151

creationtimestamp| type| source ---|---|--- 2023-05-11 00:15:04+00:00| seen| https://t.me/cibsecurity/63851...

4.7CVSS4.6AI score0.00246EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/05/10 7:21 p.m.7 views

CVE-2023-31151 Improper Certificate Validation

An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC Web Interface could allow a remote unauthenticated attacker to conduct a man-in-the-middle MitM attack. See SEL Service Bulletin dated 2022-11-15 for more details...

4.7CVSS4.9AI score0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/05/10 7:21 p.m.26 views

CVE-2023-31151 Improper Certificate Validation

An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC Web Interface could allow a remote unauthenticated attacker to conduct a man-in-the-middle MitM attack. See SEL Service Bulletin dated 2022-11-15 for more details...

4.7CVSS4.9AI score0.00246EPSS
Exploits0References2
CVE
CVE
added 2023/05/10 7:21 p.m.50 views

CVE-2023-31151

CVE-2023-31151 affects the Schweitzer Engineering Laboratories RTAC Web Interface and is due to improper certificate validation, enabling a remote unauthenticated attacker to perform MITM over a network. The connected Tenable OT plugin reiterates the issue and points to the SEL Service Bulletin (...

4.7CVSS4.5AI score0.00246EPSS
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2022/07/21 8:31 p.m.4 views

0xsodium (>=0.2.0 <=0.14.0), 1password-config (=0.0.1) +11966 more potentially affected by CVE-2022-31151 +1 more via undici (>=0.3.3 <=5.7.0)

undici NPM version =0.3.3, =0.2.0, =1.0.0, =0.2.0, =0.4.0, =0.1.0, =0.0.1, =1.0.21, =2.1.0, =2.1.0, =2.1.0, =2.1.1 and more Source cves: CVE-2022-31151, CVE-2023-45143 Source advisory: OSV:GHSA-Q768-X9M6-M9QP...

6.5CVSS6.6AI score0.01223EPSS
Exploits1
Circl
Circl
added 2022/07/21 7:12 a.m.4 views

CVE-2022-31151

creationtimestamp| type| source ---|---|--- 2022-07-21 07:12:43+00:00| seen| https://t.me/cibsecurity/46725...

6.5CVSS6.6AI score0.00584EPSS
Exploits1References1
NVD
NVD
added 2022/07/21 4:15 a.m.30 views

CVE-2022-31151

Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or...

6.5CVSS0.00584EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2022/07/21 4:15 a.m.34 views

CVE-2022-31151

Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or...

6.5CVSS6.7AI score0.00584EPSS
Exploits1References4
OSV
OSV
added 2022/07/20 11:0 p.m.9 views

CVE-2022-31151 Uncleared cookies on cross-host/cross-origin redirect in undici

Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or...

3.7CVSS5.6AI score0.00584EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2022/07/20 11:0 p.m.35 views

CVE-2022-31151

Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or...

6.5CVSS5AI score0.00584EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2022/07/20 11:0 p.m.8 views

CVE-2022-31151 Uncleared cookies on cross-host/cross-origin redirect in undici

Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or...

3.7CVSS6.5AI score0.00584EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/07/20 11:0 p.m.37 views

CVE-2022-31151 Uncleared cookies on cross-host/cross-origin redirect in undici

Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or...

3.7CVSS6.7AI score0.00584EPSS
Exploits1References4
CVE
CVE
added 2022/07/20 11:0 p.m.218 views

CVE-2022-31151

CVE-2022-31151 affects the Node.js undici HTTP client. The issue is that during cross-origin redirects, authorization headers are cleared but cookie headers are not, potentially leaking cookies to a third party if an attacker controls the redirect target. The problem was patched in undici v5.7.1,...

6.5CVSS5.1AI score0.00584EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2021/08/24 7:8 p.m.41 views

CVE-2021-31151

CVE-2021-31151 entry is rejected/not used and does not represent an active vulnerability entry.

7.4AI score
Exploits0
Cvelist
Cvelist
added 2021/08/24 7:8 p.m.10 views

CVE-2021-31151

...

Exploits0
Rows per page
Query Builder