- EPSS 71.97%
- Veröffentlicht 08.03.2023 18:15:11
- Zuletzt bearbeitet 21.11.2024 07:52:59
homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that u...
CVE-2020-36517
- EPSS 2.85%
- Veröffentlicht 10.03.2022 17:41:21
- Zuletzt bearbeitet 21.11.2024 05:29:44
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration.
CVE-2021-3152
- EPSS 2.23%
- Veröffentlicht 26.01.2021 18:16:27
- Zuletzt bearbeitet 21.11.2024 06:21:00
Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by thi...
CVE-2018-21019
- EPSS 1.68%
- Veröffentlicht 23.09.2019 16:15:14
- Zuletzt bearbeitet 21.11.2024 04:02:42
Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py.
CVE-2017-16782
- EPSS 0.77%
- Veröffentlicht 10.11.2017 23:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS.