Openelec vulnerabilities
2 known vulnerabilities affecting openelec/openelec.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2008-6025P3MEDIUMCVSS 6.8PoC≤ 3.01v2.02+1 more2009-02-03
CVE-2008-6025 [MEDIUM] CWE-22 CVE-2008-6025: Directory traversal vulnerability in scr/form.php in openElec 3.01 and earlier allows remote attacke
Directory traversal vulnerability in scr/form.php in openElec 3.01 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the obj parameter.
nvd
CVE-2017-6445P3HIGHCVSS 8.1v6.0.3v7.0.12017-03-05
CVE-2017-6445 [HIGH] CWE-311 CVE-2017-6445: The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0
The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely.
nvd