Latest pi-hole pi-hole Vulnerabilities

CVE-2021-32793
Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the function to add domains to blockli...
Pi-hole Pi-hole<5.5.1
CVE-2021-32706
Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the `validDomainWildcard` preg_match f...
Pi-hole Pi-hole<5.5.1
CVE-2021-29448
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. The Stored XSS exists in the Pi-hole Admin portal, which can be exploited by the malicious actor with the netw...
Pi-hole Ftldns=5.7
Pi-hole Pi-hole=5.2.4
Pi-hole Web Interface<5.5
CVE-2021-29449
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the refere...
Pi-hole Pi-hole<=5.2.4
CVE-2020-35592
Pi-hole Pi-hole=5.0
Pi-hole Pi-hole=5.1
Pi-hole Pi-hole=5.1.1
CVE-2020-35659
The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS. An attacker with the ability to directly or indirectly query DNS with a malicious hostname can cause arbitrary JavaScript to exec...
Pi-hole Pi-hole<5.2.2
CVE-2020-14162
An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an attacker to obtain root a...
Pi-hole Pi-hole<5.1
CVE-2020-12620
Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.conf to escalate privileges through command injection (shell metacharacters after an IP address).
Pi-hole Pi-hole<5.0
CVE-2020-8816
Pi-Hole AdminLTE Remote Code Execution Vulnerability
Pi-hole Pi-hole<=4.3.2
CVE-2020-11108
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Als...
Pi-hole Pi-hole<=4.4
CVE-2019-13051
Pi-Hole 4.3 allows Command Injection.
Pi-hole Pi-hole=4.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203