Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6445 | 1 Openelec | 1 Openelec | 2023-12-10 | 7.6 HIGH | 8.1 HIGH |
| The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely. | |||||
| CVE-2016-2230 | 1 Openelec | 1 Openelec | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session. | |||||
| CVE-2008-6025 | 1 Openelec | 1 Openelec | 2023-12-10 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in scr/form.php in openElec 3.01 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the obj parameter. | |||||