Filtered by vendor Pi-hole
Subscriptions
Total
23 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12620 | 1 Pi-hole | 1 Pi-hole | 2024-11-21 | 7.8 High |
| Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.conf to escalate privileges through command injection (shell metacharacters after an IP address). | ||||
| CVE-2020-11108 | 1 Pi-hole | 1 Pi-hole | 2024-11-21 | 8.8 High |
| The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh. | ||||
| CVE-2019-13051 | 1 Pi-hole | 1 Pi-hole | 2024-11-21 | 8.8 High |
| Pi-Hole 4.3 allows Command Injection. | ||||