Skip to main content

Supervisor

3 CVEs product

Monthly

CVE-2023-27482 CRITICAL POC THREAT Act Now

homeassistant is an open source home automation tool. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Authentication Bypass Docker Home Assistant Supervisor
NVD GitHub
CVSS 3.1
10.0
EPSS
72.0%
CVE-2019-12105 PyPI HIGH PATCH This Week

In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Supervisor
NVD GitHub
CVSS 3.1
8.2
EPSS
2.3%
CVE-2017-11610 PyPI HIGH POC PATCH THREAT Act Now

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 93.8%.

Privilege Escalation Supervisor Fedora Debian Linux Cloudforms
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
93.8%
Threat
6.1
EPSS 72% CVSS 10.0
CRITICAL POC THREAT Act Now

homeassistant is an open source home automation tool. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Authentication Bypass Docker +2
NVD GitHub
EPSS 2% CVSS 8.2
HIGH PATCH This Week

In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Supervisor
NVD GitHub
EPSS 94% 6.1 CVSS 8.8
HIGH POC PATCH THREAT Act Now

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 93.8%.

Privilege Escalation Supervisor Fedora +2
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy