Skip to main content

Kodi

6 CVEs product

Monthly

CVE-2023-30207 MEDIUM POC PATCH This Month

A divide by zero issue discovered in Kodi Home Theater Software 19.5 and earlier allows attackers to cause a denial of service via use of crafted mp3 file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Kodi
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-23082 MEDIUM POC PATCH This Month

A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Denial Of Service Kodi
NVD GitHub
CVSS 3.1
4.6
EPSS
0.7%
CVE-2021-42917 MEDIUM POC PATCH This Month

Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Kodi
NVD GitHub
CVSS 3.1
5.5
EPSS
1.9%
CVE-2018-8831 MEDIUM POC THREAT This Month

A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kodi
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
53.9%
CVE-2017-8314 MEDIUM PATCH This Month

Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Kodi Debian Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
2.5%
CVE-2017-5982 HIGH POC THREAT Act Now

Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 86.4%.

Path Traversal Kodi
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
86.4%
Threat
5.6
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

A divide by zero issue discovered in Kodi Home Theater Software 19.5 and earlier allows attackers to cause a denial of service via use of crafted mp3 file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Kodi
NVD GitHub
EPSS 1% CVSS 4.6
MEDIUM POC PATCH This Month

A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Denial Of Service +1
NVD GitHub
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Kodi
NVD GitHub
EPSS 54% CVSS 6.1
MEDIUM POC THREAT This Month

A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kodi
NVD Exploit-DB
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Kodi Debian Linux
NVD GitHub
EPSS 86% 5.6 CVSS 7.5
HIGH POC THREAT Act Now

Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 86.4%.

Path Traversal Kodi
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy