Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Airsonic Security Vulnerabilities

cve
cve

CVE-2019-10907

Airsonic 10.2.1 uses Spring's default remember-me mechanism based on MD5, with a fixed key of airsonic in GlobalSecurityConfig.java. An attacker able to capture cookies might be able to trivially bruteforce offline the passwords of associated...

9.8CVSS

7.2AI Score

0.002EPSS

2019-04-07 02:29 PM
16
cve
cve

CVE-2019-10908

In Airsonic 10.2.1, RecoverController.java generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random internally. This PRNG has a 48-bit seed that can easily be bruteforced, leading to trivial privilege escalation...

9.8CVSS

7.6AI Score

0.008EPSS

2019-04-07 02:29 PM
19
cve
cve

CVE-2018-20222

XXE issue in Airsonic before 10.1.2 during...

9.8CVSS

7.4AI Score

0.002EPSS

2019-04-04 04:29 PM
19