Search
Search Results (24 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-14162 | 1 Pi-hole | 1 Pi-hole | 2024-11-21 | 7.8 High |
| An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an attacker to obtain root access via shell metacharacters to this script's setdns command. | ||||
| CVE-2020-12620 | 1 Pi-hole | 1 Pi-hole | 2024-11-21 | 7.8 High |
| Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.conf to escalate privileges through command injection (shell metacharacters after an IP address). | ||||
| CVE-2020-11108 | 1 Pi-hole | 1 Pi-hole | 2024-11-21 | 8.8 High |
| The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh. | ||||
| CVE-2019-13051 | 1 Pi-hole | 1 Pi-hole | 2024-11-21 | 8.8 High |
| Pi-Hole 4.3 allows Command Injection. | ||||