- EPSS 88.57%
- Veröffentlicht 08.03.2023 18:15:11
- Zuletzt bearbeitet 21.11.2024 07:52:59
homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that u...
CVE-2020-36517
- EPSS 1.85%
- Veröffentlicht 10.03.2022 17:41:21
- Zuletzt bearbeitet 21.11.2024 05:29:44
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration.
CVE-2021-3152
- EPSS 0.4%
- Veröffentlicht 26.01.2021 18:16:27
- Zuletzt bearbeitet 21.11.2024 06:21:00
Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by thi...
CVE-2018-21019
- EPSS 1.33%
- Veröffentlicht 23.09.2019 16:15:14
- Zuletzt bearbeitet 21.11.2024 04:02:42
Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py.
CVE-2017-16782
- EPSS 0.31%
- Veröffentlicht 10.11.2017 23:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS.