Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
home-assistant home-assistant vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-27482
homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or...
Home-assistant Supervisor
Home-assistant Home-assistant
5
CVSSv2
CVE-2020-36517
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration.
Home-assistant Home-assistant 2022.03
6.8
CVSSv2
CVE-2021-45099
The addon.stdin service in addon-ssh (aka Home Assistant Community Add-on: SSH & Web Terminal) prior to 10.0.0 has an attack surface that requires social engineering. NOTE: the vendor does not agree that this is a vulnerability; however, addon.stdin was removed as a defense-i...
Ssh \\& Web Terminal Project Ssh \\& Web Terminal
5
CVSSv2
CVE-2021-3152
Home Assistant prior to 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home...
Home-assistant Home-assistant
5
CVSSv2
CVE-2018-21019
Home Assistant prior to 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated malicious user to read the application's error log via components/api.py.
Home-assistant Home-assistant
4.3
CVSSv2
CVE-2017-16782
In Home Assistant prior to 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS.
Home-assistant Home-assistant
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-3611
CVE-2024-4947
CVE-2024-32988
CVE-2020-35165
local file inclusion
CVE-2024-4980
bypass
malicious code
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2