Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
halo halo vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2019-16890
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments.
Halo Halo 1.1.0
5.4
CVSSv3
CVE-2020-19007
Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user's browser.
Halo Halo 1.2.0
5.3
CVSSv3
CVE-2020-19037
Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies.
Halo Halo 0.4.3
9.1
CVSSv3
CVE-2020-19038
File Deletion vulnerability in Halo 0.4.3 via delBackup.
Halo Halo 0.4.3
NA
CVE-2004-1539
Halo: Combat Evolved 1.05 and previous versions allows remote game servers to cause a denial of service (client crash) via a long value in a game server reply, which triggers a NULL dereference.
Gearbox Software Halo Combat Evolved 1.2
Gearbox Software Halo Combat Evolved 1.31
Gearbox Software Halo Combat Evolved 1.4
Gearbox Software Halo Combat Evolved 1.5
1 EDB exploit
NA
CVE-2004-1667
Off-by-one error in Halo Combat Evolved 1.04 and previous versions allows remote malicious users to cause a denial of service (server crash) via a long client response.
Gearbox Software Halo Combat Evolved 1.2
Gearbox Software Halo Combat Evolved 1.31
Gearbox Software Halo Combat Evolved 1.4
5.4
CVSSv3
CVE-2022-22123
In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article title. An authenticated attacker can inject arbitrary javascript code that will execute on a victim’s server.
Fit2cloud Halo
5.4
CVSSv3
CVE-2022-22124
In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the profile image. An authenticated attacker can upload a carefully crafted SVG file that will trigger arbitrary javascript to run on a victim’s browser.
Fit2cloud Halo
4.8
CVSSv3
CVE-2022-28074
Halo-1.5.0 exists to contain a stored cross-site scripting (XSS) vulnerability via \admin\index.html#/system/tools.
Fit2cloud Halo 1.5.0
7.1
CVSSv3
CVE-2019-5625
The Android mobile application Halo Home prior to 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file. This file persists until the user logs out of the application and reboots the device. This vulnerability can allow an malicious user to impersonate...
Eaton Halo Home 1.9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »