Vulnerabilities > Home Assistant

DATE	CVE	VULNERABILITY TITLE	RISK
2022-03-10	CVE-2020-36517	Information Exposure Through Discrepancy vulnerability in Home-Assistant 2022.03 An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration. network low complexity home-assistant CWE-203	7.5
2021-01-26	CVE-2021-3152	Path Traversal vulnerability in Home-Assistant Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. network low complexity home-assistant CWE-22	5.3
2019-09-23	CVE-2018-21019	Information Exposure vulnerability in Home-Assistant Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py. network low complexity home-assistant CWE-200	7.5
2017-11-10	CVE-2017-16782	Cross-site Scripting vulnerability in Home-Assistant In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS. network low complexity home-assistant CWE-79	6.1

Vulnerabilities > Home Assistant {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Home Assistant"}]}