Lucene search
K

128 matches found

Openbugbounty
Openbugbounty
added 2022/07/25 4:21 p.m.13 views

ur.3lib.net Cross Site Scripting vulnerability OBB-2815700

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Rockylinux
Rockylinux
added 2022/05/17 6:44 a.m.18 views

new packages: hunspell-ur

An update is available for hunspell-ur. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

2.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/04/01 12:34 a.m.15 views

ur-lr.or.jp Cross Site Scripting vulnerability OBB-2458404

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
OSV
OSV
added 2022/03/23 8:15 p.m.5 views

CVE-2021-27424

GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information...

5.3CVSS6.2AI score0.00844EPSS
Exploits0References2
NVD
NVD
added 2022/03/23 8:15 p.m.25 views

CVE-2021-27424

GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information...

5.3CVSS0.00844EPSS
Exploits0References2
NVD
NVD
added 2022/03/23 8:15 p.m.26 views

CVE-2021-27422

GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication...

7.5CVSS0.00641EPSS
Exploits0References2
NVD
NVD
added 2022/03/23 8:15 p.m.18 views

CVE-2021-27420

GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By...

5.3CVSS0.0102EPSS
Exploits0References2
NVD
NVD
added 2022/03/23 8:15 p.m.29 views

CVE-2021-27428

GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without...

9.8CVSS0.01163EPSS
Exploits0References2
OSV
OSV
added 2022/03/23 8:15 p.m.3 views

CVE-2021-27418

GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTM...

6.1CVSS6.5AI score0.00585EPSS
Exploits0References2
NVD
NVD
added 2022/03/23 8:15 p.m.18 views

CVE-2021-27430

GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR...

8.4CVSS0.00239EPSS
Exploits0References2
OSV
OSV
added 2022/03/23 8:15 p.m.4 views

CVE-2021-27420

GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By...

5.3CVSS6.4AI score0.0102EPSS
Exploits0References2
NVD
NVD
added 2022/03/23 8:15 p.m.19 views

CVE-2021-27426

GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user...

9.8CVSS0.01163EPSS
Exploits0References2
Prion
Prion
added 2022/03/23 8:15 p.m.15 views

Cross site scripting

GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTM...

4.3CVSS6.5AI score0.00585EPSS
Exploits0References2Affected Software19
Prion
Prion
added 2022/03/23 8:15 p.m.21 views

Information disclosure

GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information...

5CVSS6.5AI score0.00844EPSS
Exploits0References2Affected Software19
Prion
Prion
added 2022/03/23 8:15 p.m.24 views

Hardcoded credentials

GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR...

4.6CVSS7.1AI score0.00239EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/03/23 8:15 p.m.18 views

Code injection

GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user...

7.5CVSS9.4AI score0.01163EPSS
Exploits0References2Affected Software19
Vulnrichment
Vulnrichment
added 2022/03/23 7:46 p.m.6 views

CVE-2021-27422 GE UR family exposure of sensitive information to an unauthorized actor

GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication...

7.5CVSS7.4AI score0.00641EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/03/23 7:46 p.m.22 views

CVE-2021-27422 GE UR family exposure of sensitive information to an unauthorized actor

GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication...

7.5CVSS7.6AI score0.00641EPSS
Exploits0References2
CVE
CVE
added 2022/03/23 7:46 p.m.124 views

CVE-2021-27422

GE UR firmware 8.1x or later mitigates a vulnerability (CVE-2021-27422) where the web server interface, exposed over HTTP, can disclose sensitive information without authentication. Affected: GE UR family relays with prior-to-8.1x web server. Root cause: HTTP web server exposure allowing unauthen...

7.5CVSS7.6AI score0.00641EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/03/23 7:46 p.m.25 views

CVE-2021-27426 GE UR family insecure default variable initialization

GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user...

9.8CVSS9.6AI score0.01163EPSS
Exploits0References2
Rows per page
Query Builder