Vulnerabilities > PI Hole > PI Hole > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-08-04 CVE-2021-32706 Unspecified vulnerability in Pi-Hole
Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics.
network
low complexity
pi-hole
6.5
6.5
2021-04-15 CVE-2021-29448 Cross-site Scripting vulnerability in Pi-Hole Ftldns, Pi-Hole and web Interface
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application.
network
pi-hole CWE-79
5.8
5.8
2021-02-18 CVE-2020-35591 Session Fixation vulnerability in Pi-Hole 5.0/5.1/5.1.1
Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation.
network
pi-hole CWE-384
5.8
5.8
2020-12-24 CVE-2020-35659 Cross-site Scripting vulnerability in Pi-Hole
The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS.
network
pi-hole CWE-79
4.3
4.3
2020-06-23 CVE-2020-14971 Code Injection vulnerability in Pi-Hole
Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them.
local
low complexity
pi-hole CWE-94
4.6
4.6
2020-05-29 CVE-2020-8816 OS Command Injection vulnerability in Pi-Hole
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.
network
low complexity
pi-hole CWE-78
6.5
6.5
2019-10-09 CVE-2019-13051 OS Command Injection vulnerability in Pi-Hole 4.3
Pi-Hole 4.3 allows Command Injection.
network
pi-hole CWE-78
6.8
6.8