Vulnerabilities > Openelec > Openelec
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-05 | CVE-2017-6445 | Missing Encryption of Sensitive Data vulnerability in Openelec 6.0.3/7.0.1 The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. | 7.6 |
| 2016-02-08 | CVE-2016-2230 | Credentials Management vulnerability in Openelec OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session. | 10.0 |
| 2009-02-03 | CVE-2008-6025 | Path Traversal vulnerability in Openelec 2.02/3.00 Directory traversal vulnerability in scr/form.php in openElec 3.01 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |