Halo
by Halo Dev
Source repositories
CVEs (43)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-15312 | | | 0.00 | — | 0.03 | | Jul 1, 2020 | An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is a Zolo Halo DNS rebinding attack. The device was found to be vulnerable to DNS rebinding. Combined with one of the many /httpapi.asp endpoint command-execution security issues, the DNS rebinding… |
| CVE-2019-19999 | | | 0.00 | — | 0.02 | | Dec 26, 2019 | Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration. |
| CVE-2019-16890 | | | 0.00 | — | 0.01 | | Sep 25, 2019 | Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments. |