MidnightBSD

Advisories for d-circle

CVE-2019-5916 HIGH

Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and earlier, Ver 2.2 Patch 7 and earlier, Ver 2.3 Patch 9 and earlier, Ver 2.4 Patch 13 and earlier, Ver 2.5 Patch 12 and earlier, Ver 2.6 Patch 8 and earlier, Ver 2.7 Patch 6 and earlier, Ver 2.7 Government Edition Patch 7 and earlier, Ver 2.8 Patch 6 and earlier, Ver 2.8c Patch 5 and earlier, Ver 2.9 Patch 4 and earlier) allows remote attackers to execute EL expression on the server via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
d-circle power_egg 2.7
d-circle power_egg 2.0.1
d-circle power_egg 2.0.2
d-circle power_egg 2.1
d-circle power_egg 2.2
d-circle power_egg 2.9
d-circle power_egg 2.3
d-circle power_egg 2.5
d-circle power_egg 2.8c
d-circle power_egg 2.4
d-circle power_egg 2.6
d-circle power_egg 2.8