Vulnerabilities > PI Hole > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-26 | CVE-2023-23614 | Insufficient Session Expiration vulnerability in Pi-Hole web Interface Pi-hole®'s Web interface (based off of AdminLTE) provides a central location to manage your Pi-hole. | 8.8 |
| 2021-09-15 | CVE-2021-3706 | Incorrect Permission Assignment for Critical Resource vulnerability in Pi-Hole web Interface adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag | 7.5 |
| 2021-08-04 | CVE-2021-32706 | Unspecified vulnerability in Pi-Hole Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. | 8.8 |
| 2021-04-15 | CVE-2021-29448 | Cross-site Scripting vulnerability in Pi-Hole Ftldns, Pi-Hole and web Interface Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. | 8.8 |
| 2021-04-14 | CVE-2021-29449 | OS Command Injection vulnerability in Pi-Hole Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. | 7.8 |
| 2020-07-30 | CVE-2020-14162 | Improper Privilege Management vulnerability in Pi-Hole An issue was discovered in Pi-Hole through 5.0. | 7.8 |
| 2020-07-30 | CVE-2020-12620 | OS Command Injection vulnerability in Pi-Hole Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.conf to escalate privileges through command injection (shell metacharacters after an IP address). | 7.8 |
| 2020-06-23 | CVE-2020-14971 | Missing Authorization vulnerability in Pi-Hole Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them. | 7.8 |
| 2020-05-29 | CVE-2020-8816 | OS Command Injection vulnerability in Pi-Hole Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. | 7.2 |
| 2020-05-11 | CVE-2020-11108 | Unrestricted Upload of File with Dangerous Type vulnerability in Pi-Hole The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. | 8.8 |