CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36814
https://notcve.org/view.php?id=CVE-2024-36814
08 Oct 2024 — An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers to access arbitrary files as root on the underlying Operating System via placing a crafted file into a readable directory. • https://github.com/AdguardTeam/AdGuardHome • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36586
https://notcve.org/view.php?id=CVE-2024-36586
13 Jun 2024 — An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary. Un problema en AdGuardHome v0.93 a la última versión permite a atacantes sin privilegios escalar privilegios sobrescribiendo el binario de AdGuardHome. • https://github.com/go-compile/security-advisories/blob/master/vulns/CVE-2024-36586.md • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41173
https://notcve.org/view.php?id=CVE-2023-41173
25 Aug 2023 — AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets. • https://adguard-dns.io/en/versions.html#2.2 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45770
https://notcve.org/view.php?id=CVE-2022-45770
26 Jan 2023 — Improper input validation in adgnetworkwfpdrv.sys in Adguard For Windows x86 through 7.11 allows local privilege escalation. • https://github.com/Marsel-marsel/CVE-2022-45770 • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 0%CPEs: 14EXPL: 2CVE-2022-32175 – AdGuardHome - CSRF
https://notcve.org/view.php?id=CVE-2022-32175
11 Oct 2022 — In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. An attacker can persuade an authorized user to follow a malicious link, resulting in deleting/modifying the custom filtering rules. En AdGuardHome, versiones v0.95 hasta v0.108.0-b.13, son vulnerables a un ataque de tipo Cross-Site Request Forgery (CSRF), en la funcionalidad custom filtering rules. Un atacante puede persuadir a un usuario autorizado para que ... • https://github.com/AdguardTeam/AdGuardHome/blob/v0.108.0-b.13/internal/home/controlfiltering.go#L265 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27935
https://notcve.org/view.php?id=CVE-2021-27935
03 Mar 2021 — An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie. Se detectó un problema en AdGuard anterior a la versión 0.105.2. Un atacante capaz de obtener la cookie del usuario puede forzar su contraseña fuera de línea, porque el hash de la contraseña es almacenado en la cookie • https://github.com/AdguardTeam/AdGuardHome/issues/2470 • CWE-522: Insufficiently Protected Credentials •