Filtered by vendor Pi-hole
Subscribe
Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14162 | 1 Pi-hole | 1 Pi-hole | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an attacker to obtain root access via shell metacharacters to this script's setdns command. | |||||
| CVE-2020-12620 | 1 Pi-hole | 1 Pi-hole | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.conf to escalate privileges through command injection (shell metacharacters after an IP address). | |||||
| CVE-2020-11108 | 1 Pi-hole | 1 Pi-hole | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh. | |||||
| CVE-2019-13051 | 1 Pi-hole | 1 Pi-hole | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Pi-Hole 4.3 allows Command Injection. | |||||