VYPR

Halo

by Halo Dev

Source repositories

CVEs (43)

  • CVE-2019-15312Jul 1, 2020
    risk 0.00cvss epss 0.03

    An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is a Zolo Halo DNS rebinding attack. The device was found to be vulnerable to DNS rebinding. Combined with one of the many /httpapi.asp endpoint command-execution security issues, the DNS rebinding…

  • CVE-2019-19999Dec 26, 2019
    risk 0.00cvss epss 0.02

    Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration.

  • CVE-2019-16890Sep 25, 2019
    risk 0.00cvss epss 0.01

    Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments.

Page 3 of 3