The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-28074 | Halo-1.5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via \\admin\\index.html#/system/tools. | LOW | Apr 22, 2022 | n/a |
| CVE-2023-33528 | halo v1.6.0 is vulnerable to Cross Site Scripting (XSS). | -- | Mar 28, 2024 | n/a |
| CVE-2020-21525 | Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it. | MEDIUM | Oct 8, 2020 | n/a |
| CVE-2022-32994 | Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload. | HIGH | Jun 28, 2022 | n/a |
| CVE-2022-32995 | Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function. | HIGH | Jun 28, 2022 | n/a |
| CVE-2022-26619 | Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function. | MEDIUM | Apr 5, 2022 | n/a |
| CVE-2020-19007 | Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user\'s browser. | LOW | Aug 26, 2020 | n/a |
| CVE-2019-19999 | Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration. | MEDIUM | Dec 26, 2019 | n/a |
| CVE-2019-16890 | Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments. | LOW | Sep 26, 2019 | n/a |
| CVE-2015-4624 | Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens. | Medium | Apr 4, 2017 | n/a |
| CVE-2023-51663 | Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail relies on OpenID Connect (OIDC) email addresses from ID tokens to verify the validity of a user\'s domain, but because users have the ability to change their email address, they could create accounts and use resources in clusters that they should not have access to. For example, a user could create a Microsoft or Google account and then change their email to `test@example.org`. This account can then be used to create a Hail Batch account in Hail Batch clusters whose organization domain is `example.org`. The attacker is not able to access private data or impersonate another user, but they would have the ability to run jobs if Hail Batch billing projects are enabled and create Azure Tenants if they have Azure Active Directory Administrator access. | -- | Dec 29, 2023 | n/a |
| CVE-2012-2945 | Hadoop 1.0.3 contains a symlink vulnerability. | MEDIUM | Oct 31, 2019 | n/a |
| CVE-2024-22778 | HackMD CodiMD <2.5.2 is vulnerable to Denial of Service. | -- | Feb 22, 2024 | n/a |
| CVE-2021-1049 | Hacker one bug ID: 1343975Product: AndroidVersions: Android SoCAndroid ID: A-204256722 | HIGH | Jan 14, 2022 | n/a |
| CVE-2019-13125 | HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation. | MEDIUM | Jul 10, 2019 | n/a |
| CVE-2022-2475 | Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the Ethernet Q Commands service. Any user is able to write macros into registers outside of the authorized accessible range. This could allow a user to access privileged resources or resources out of context. | -- | Oct 28, 2022 | n/a |
| CVE-2023-5545 | H5P metadata automatically populated the author with the user\'s username, which could be sensitive information. | -- | Nov 9, 2023 | n/a |
| CVE-2022-35416 | H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS. | MEDIUM | Jul 15, 2022 | n/a |
| CVE-2023-33633 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateWanParams interface at /goform/aspForm. | -- | Jun 1, 2023 | n/a |
| CVE-2023-33627 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateSnat interface at /goform/aspForm. | -- | Jun 1, 2023 | n/a |
| CVE-2023-33635 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateMacClone interface at /goform/aspForm. | -- | Jun 1, 2023 | n/a |
| CVE-2023-33639 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the SetMobileAPInfoById interface at /goform/aspForm. | -- | Jun 1, 2023 | n/a |
| CVE-2023-33640 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the SetAPWifiorLedInfoById interface at /goform/aspForm. | -- | Jun 1, 2023 | n/a |
| CVE-2023-33636 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm. | -- | Jun 1, 2023 | n/a |
| CVE-2023-33632 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm. | -- | Jun 1, 2023 | n/a |
| CVE-2023-33638 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the Edit_BasicSSID_5G interface at /goform/aspForm. | -- | Jun 1, 2023 | n/a |
| CVE-2023-33642 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the Edit_BasicSSID interface at /goform/aspForm. | -- | Jun 1, 2023 | n/a |
| CVE-2023-33630 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the EditvsList interface at /goform/aspForm. | -- | Jun 1, 2023 | n/a |
| CVE-2023-33634 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the EdittriggerList interface at /goform/aspForm. | -- | Jun 1, 2023 | n/a |
| CVE-2023-33628 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. | -- | Jun 1, 2023 | n/a |
| CVE-2023-33629 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. | -- | Jun 1, 2023 | n/a |
| CVE-2023-33631 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelSTList interface at /goform/aspForm. | -- | Jun 1, 2023 | n/a |
| CVE-2023-33637 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm. | -- | Jun 1, 2023 | n/a |
| CVE-2023-33643 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the AddWlanMacList interface at /goform/aspForm. | -- | Jun 1, 2023 | n/a |
| CVE-2023-33641 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the AddMacList interface at /goform/aspForm. | -- | Jun 1, 2023 | n/a |
| CVE-2023-29916 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateWanParams interface at /goform/aspForm. | -- | Apr 24, 2023 | n/a |
| CVE-2023-29905 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateSnat interface at /goform/aspForm. | -- | Apr 24, 2023 | n/a |
| CVE-2023-29910 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateMacClone interface at /goform/aspForm. | -- | Apr 24, 2023 | n/a |
| CVE-2023-29908 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the SetMobileAPInfoById interface at /goform/aspForm. | -- | Apr 24, 2023 | n/a |
| CVE-2023-29913 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the SetAPWifiorLedInfoById interface at /goform/aspForm. | -- | Apr 24, 2023 | n/a |
| CVE-2023-29907 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the Edit_BasicSSID_5G interface at /goform/aspForm. | -- | Apr 24, 2023 | n/a |
| CVE-2023-29906 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the Edit_BasicSSID interface at /goform/aspForm. | -- | Apr 24, 2023 | n/a |
| CVE-2023-29914 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. | -- | Apr 24, 2023 | n/a |
| CVE-2023-29909 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the AddWlanMacList interface at /goform/aspForm. | -- | Apr 24, 2023 | n/a |
| CVE-2023-29911 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the AddMacList interface at /goform/aspForm. | -- | Apr 24, 2023 | n/a |
| CVE-2023-29917 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via go parameter at /goform/aspForm. | -- | Apr 24, 2023 | n/a |
| CVE-2023-29915 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via CMD parameter at /goform/aspForm. | -- | Apr 24, 2023 | n/a |
| CVE-2022-34610 | H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the URL /ihomers/app. | -- | Jul 20, 2022 | n/a |
| CVE-2022-34602 | H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm. | -- | Jul 20, 2022 | n/a |
| CVE-2022-34604 | H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the INTF parameter at /dotrace.asp. | -- | Jul 20, 2022 | n/a |
