Octoprint

octoprint

Vendor: Octoprint • 23 CVEs

CVEs (23)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-32561 1Octoprint 1Octoprint Nov 21, 2024 May 11, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters.
CVE-2021-32560 1Octoprint 1Octoprint Nov 21, 2024 May 11, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not *.log files.
CVE-2018-16710 1Octoprint 1Octoprint Nov 21, 2024 Sep 7, 2018 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documen...Show more OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port forwarding ... Putting OctoPrint onto the public internet is a terrible idea, and I really can't emphasize that enough.Show less