Vulnerabilities > PI Hole

DATE	CVE	VULNERABILITY TITLE	RISK
2021-04-14	CVE-2021-29449	OS Command Injection vulnerability in Pi-Hole Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. local low complexity pi-hole CWE-78	7.2
2021-02-18	CVE-2020-35592	Cross-site Scripting vulnerability in Pi-Hole 5.0/5.1/5.1.1 Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. network pi-hole CWE-79	3.5
2021-02-18	CVE-2020-35591	Session Fixation vulnerability in Pi-Hole 5.0/5.1/5.1.1 Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. network pi-hole CWE-384	5.8
2020-12-24	CVE-2020-35659	Cross-site Scripting vulnerability in Pi-Hole The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS. network pi-hole CWE-79	4.3
2020-07-30	CVE-2020-14162	Improper Privilege Management vulnerability in Pi-Hole An issue was discovered in Pi-Hole through 5.0. local low complexity pi-hole CWE-269	7.2
2020-07-30	CVE-2020-12620	Improper Privilege Management vulnerability in Pi-Hole Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.conf to escalate privileges through command injection (shell metacharacters after an IP address). local low complexity pi-hole CWE-269	7.2
2020-06-23	CVE-2020-14971	Code Injection vulnerability in Pi-Hole Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them. local low complexity pi-hole CWE-94	4.6
2020-05-29	CVE-2020-8816	OS Command Injection vulnerability in Pi-Hole Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. network low complexity pi-hole CWE-78	6.5
2020-05-11	CVE-2020-11108	Unrestricted Upload of File with Dangerous Type vulnerability in Pi-Hole The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. network low complexity pi-hole CWE-434 critical	9.0
2019-10-09	CVE-2019-13051	OS Command Injection vulnerability in Pi-Hole 4.3 Pi-Hole 4.3 allows Command Injection. network pi-hole CWE-78	6.8

Vulnerabilities > PI Hole {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"PI Hole"}]}

Vulnerabilities > PI Hole