CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41896 – Fake websocket server installation permits full takeover in Home Assistant Core
https://notcve.org/view.php?id=CVE-2023-41896
19 Oct 2023 — Home assistant is an open source home automation. Whilst auditing the frontend code to identify hidden parameters, Cure53 detected `auth_callback=1`, which is leveraged by the WebSocket authentication logic in tandem with the `state` parameter. The state parameter contains the `hassUrl`, which is subsequently utilized to establish a WebSocket connection. This behavior permits an attacker to create a malicious Home Assistant link with a modified state parameter that forces the frontend to connect to an alter... • https://github.com/home-assistant/core/security/advisories/GHSA-935v-rmg9-44mw • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41897 – Lack of XFO header allows clickjacking in Home Assistant Core
https://notcve.org/view.php?id=CVE-2023-41897
19 Oct 2023 — Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating headers facilitates covert clickjacking attacks and alternative exploit opportunities, such as the vector described in this security advisory. This fault incurs major risk, considering the ability to trick users into installing an external and malicious add-on wi... • https://github.com/home-assistant/core/security/advisories/GHSA-935v-rmg9-44mw • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41899 – Partial Server-Side Request Forgery in Home Assistant Core
https://notcve.org/view.php?id=CVE-2023-41899
19 Oct 2023 — Home assistant is an open source home automation. In affected versions the `hassio.addon_stdin` is vulnerable to a partial Server-Side Request Forgery where an attacker capable of calling this service (e.g.: through GHSA-h2jp-7grc-9xpp) may be able to invoke any Supervisor REST API endpoints with a POST request. An attacker able to exploit will be able to control the data dictionary, including its addon and input key/values. This issue has been addressed in version 2023.9.0 and all users are advised to upgr... • https://github.com/home-assistant/core/security/advisories/GHSA-4r74-h49q-rr3h • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41898 – Arbitrary URL load in Android WebView in `MyActivity.kt` in Home Assistant Companion for Android
https://notcve.org/view.php?id=CVE-2023-41898
19 Oct 2023 — Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential theft. This issue has been patched in version 2023.9.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/home-assistant/core/security/advisories/GHSA-jvpm-q3hq-86rg • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-44385 – Client-Side Request Forgery in Home Assistant iOS/macOS native Apps
https://notcve.org/view.php?id=CVE-2023-44385
19 Oct 2023 — The Home Assistant Companion for iOS and macOS app up to version 2023.4 are vulnerable to Client-Side Request Forgery. Attackers may send malicious links/QRs to victims that, when visited, will make the victim to call arbitrary services in their Home Assistant installation. Combined with this security advisory, may result in full compromise and remote code execution (RCE). Version 2023.7 addresses this issue and all users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/home-assistant/core/security/advisories/GHSA-h2jp-7grc-9xpp • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 20%CPEs: 2EXPL: 0CVE-2023-27482
https://notcve.org/view.php?id=CVE-2023-27482
08 Mar 2023 — homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. The issue has been mitigated and closed in Supervisor version 2023.03.1, whic... • https://github.com/elttam/publications/blob/master/writeups/home-assistant/supervisor-authentication-bypass-advisory.md • CWE-287: Improper Authentication •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0279 – Media Library Assistant < 3.06 - Admin+ SQLi
https://notcve.org/view.php?id=CVE-2023-0279
16 Feb 2023 — The Media Library Assistant WordPress plugin before 3.06 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. The Media Library Assistant for WordPress is vulnerable to SQL Injection via the ‘post_types’ parameter in versions up to, and including, 3.05 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for... • https://bulletin.iese.de/post/media-library-assistant_3-05_1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31541
https://notcve.org/view.php?id=CVE-2022-31541
11 Jul 2022 — The lyubolp/Barry-Voice-Assistant repository through 2021-01-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. El repositorio lyubolp/Barry-Voice-Assistant versiones hasta 18-01-2021 en GitHub, permite un salto de ruta absoluto porque la función send_file de Flask es usada de forma no segura • https://github.com/github/securitylab/issues/669#issuecomment-1117265726 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 11CVE-2020-36517
https://notcve.org/view.php?id=CVE-2020-36517
07 Mar 2022 — An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration. Una filtrado de información en Nabu Casa Home Assistant Operating System and Home Assistant Supervised versión 2022.03, permite que un operador de DNS obtenga conocimientos sobre los recursos de la red interna por medio de la configuración del DNS embebida • https://community.home-assistant.io/t/ha-os-dns-setting-configuration-not-respected/356572 • CWE-203: Observable Discrepancy •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3152
https://notcve.org/view.php?id=CVE-2021-3152
21 Jan 2021 — Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant; however, Home Assistant does have a security update that is worthwhile in addressing this situation ** EN DISPUTADA ** Home Assistant versiones anteriores a 2021.1.3, no presenta una capa de protección que pueda ayudar a impedi... • https://www.home-assistant.io/blog/2021/01/14/security-bulletin • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •