Show filters
17 Total Results
Displaying 11-17 of 17
Sort by:
Attacker Value
Unknown
CVE-2022-2930
Disclosure Date: August 22, 2022 (last updated October 08, 2023)
Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3.
0
Attacker Value
Unknown
CVE-2022-2822
Disclosure Date: August 15, 2022 (last updated October 08, 2023)
An attacker can freely brute force username and password and can takeover any account. An attacker could easily guess user passwords and gain access to user and administrative accounts.
0
Attacker Value
Unknown
CVE-2022-1432
Disclosure Date: May 18, 2022 (last updated October 07, 2023)
Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0.
0
Attacker Value
Unknown
CVE-2022-1430
Disclosure Date: May 18, 2022 (last updated October 07, 2023)
Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0.
0
Attacker Value
Unknown
CVE-2021-32560
Disclosure Date: May 11, 2021 (last updated November 28, 2024)
The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not *.log files.
0
Attacker Value
Unknown
CVE-2021-32561
Disclosure Date: May 11, 2021 (last updated February 22, 2025)
OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters.
0
Attacker Value
Unknown
CVE-2018-16710
Disclosure Date: September 07, 2018 (last updated November 08, 2023)
OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port forwarding ... Putting OctoPrint onto the public internet is a terrible idea, and I really can't emphasize that enough.
0
