RSS   Podatności dla 'Home-assistant'   RSS

2022-03-10
 
CVE-2020-36517

CWE-203
 

 
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration.

 
2021-01-26
 
CVE-2021-3152

CWE-22
 

 
** DISPUTED ** Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant; however, Home Assistant does have a security update that is worthwhile in addressing this situation.

 
2019-09-23
 
CVE-2018-21019

CWE-200
 

 
Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py.

 
2017-11-10
 
CVE-2017-16782

CWE-79
 

 
In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS.

 


Copyright 2024, cxsecurity.com

 

Back to Top