Filtered by vendor Pi-hole
Subscribe
Total
22 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11108 | 1 Pi-hole | 1 Pi-hole | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh. | |||||
| CVE-2019-13051 | 1 Pi-hole | 1 Pi-hole | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Pi-Hole 4.3 allows Command Injection. | |||||