Vulnerabilities > PI Hole > PI Hole > 2.13.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-04 | CVE-2021-32706 | Unspecified vulnerability in Pi-Hole Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. | 6.5 |
| 2021-08-04 | CVE-2021-32793 | Cross-site Scripting vulnerability in Pi-Hole Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. | 3.5 |
| 2021-04-14 | CVE-2021-29449 | OS Command Injection vulnerability in Pi-Hole Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. | 7.2 |
| 2020-12-24 | CVE-2020-35659 | Cross-site Scripting vulnerability in Pi-Hole The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS. | 4.3 |
| 2020-07-30 | CVE-2020-14162 | Improper Privilege Management vulnerability in Pi-Hole An issue was discovered in Pi-Hole through 5.0. | 7.2 |
| 2020-07-30 | CVE-2020-12620 | Improper Privilege Management vulnerability in Pi-Hole Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.conf to escalate privileges through command injection (shell metacharacters after an IP address). | 7.2 |
| 2020-06-23 | CVE-2020-14971 | Code Injection vulnerability in Pi-Hole Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them. | 4.6 |
| 2020-05-29 | CVE-2020-8816 | OS Command Injection vulnerability in Pi-Hole Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. | 6.5 |
| 2020-05-11 | CVE-2020-11108 | Unrestricted Upload of File with Dangerous Type vulnerability in Pi-Hole The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. | 9.0 |