Filtered by vendor Debian
Subscriptions
Filtered by product Freedombox
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68462 | 1 Debian | 1 Freedombox | 2025-12-18 | 3.2 Low |
| Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases. | ||||
| CVE-2020-25073 | 1 Debian | 1 Freedombox | 2024-11-21 | 5.3 Medium |
| FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service (or from PageKite) is considered a local connection. This affects both the freedombox and plinth packages of some Linux distributions, but only if the Apache mod_status module is enabled. | ||||
Page 1 of 1.