Hue Security Vulnerabilities

CVE-2023-42189

Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0, Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, SwitchBot Hub2 v.1.0-0.8, Philips Hue hub v.1.59.1959097030, and Yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial....

7.5 CVSS

7.2 AI Score

0.003 EPSS

2023-10-10 03:15 AM

CVE-2018-11649

Hue 3.12 has XSS via the /pig/save/ name and script...

6.1 CVSS

6 AI Score

0.001 EPSS

2022-10-03 04:21 PM

CVE-2021-29994

Cloudera Hue 4.6.0 allows...

6.1 CVSS

6.2 AI Score

0.001 EPSS

2021-11-08 01:15 PM

CVE-2021-32481

Cloudera Hue 4.6.0 allows XSS via the type...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2021-11-08 01:15 PM

CVE-2018-7580

Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue's hub and it will stop responding. The "hub" will stop operating and be frozen until the flood stops. During the flood, the user won't be able to turn on/off the lights, and all of...

7.5 CVSS

7.4 AI Score

0.015 EPSS

2020-12-21 09:15 PM

CVE-2020-6007

Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code...

7.9 CVSS

8 AI Score

0.002 EPSS

2020-01-23 10:15 PM

CVE-2015-8094

Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next...

6.1 CVSS

6.2 AI Score

0.003 EPSS

2018-05-22 06:29 PM

CVE-2017-14797

Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic...

7.5 CVSS

7.4 AI Score

0.003 EPSS

2017-10-01 01:29 AM

CVE-2016-4946

Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users...

6.1 CVSS

6 AI Score

0.001 EPSS

2017-03-07 04:59 PM

CVE-2016-4947

Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to...

5.3 CVSS

5.2 AI Score

0.002 EPSS

2017-03-07 04:59 PM