VYPR

Kodi

by Kodi

CVEs (5)

  • CVE-2017-5982HigFeb 28, 2017
    risk 0.58cvss 7.5epss 0.78

    Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.

  • CVE-2018-8831MedApr 18, 2018
    risk 0.47cvss 6.1epss 0.54

    A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.

  • CVE-2017-8314MedMay 23, 2017
    risk 0.36cvss 5.5epss 0.02

    Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.

  • CVE-2023-30207MedJul 5, 2023
    risk 0.00cvss 5.5epss 0.00

    A divide by zero issue discovered in Kodi Home Theater Software 19.5 and earlier allows attackers to cause a denial of service via use of crafted mp3 file.

  • CVE-2023-23082MedFeb 3, 2023
    risk 0.00cvss 4.6epss 0.01

    A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument.