CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2022-45956
https://notcve.org/view.php?id=CVE-2022-45956
Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism. Las versiones 0.94.13 a 0.94.14 de Boa Web Server no validan la restricción de seguridad correcta en el método HEAD HTTP, lo que permite a todos omitir el mecanismo Basic Authorization. • https://packetstormsecurity.com/files/169962/Boa-Web-Server-0.94.13-0.94.14-Authentication-Bypass.html • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2021-33558
https://notcve.org/view.php?id=CVE-2021-33558
Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those files are not part of Boa. Boa versión 0.94.13 permite a atacantes remotos obtener información confidencial por medio de una configuración incorrecta que involucra los archivos backup.html, preview.html, js/log.js, log.html, email.html, online-users.html y config.js • https://github.com/mdanzaruddin/CVE-2021-33558. https://github.com/anldori/CVE-2021-33558 https://github.com/mdanzaruddin/CVE-2021-33558./issues/1 https://sourceforge.net/projects/boa/files/boa/0.94.13 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-21028
https://notcve.org/view.php?id=CVE-2018-21028
Boa through 0.94.14rc21 allows remote attackers to trigger a memory leak because of missing calls to the free function. Boa versiones hasta 0.94.14rc21, permite a atacantes remotos activar una pérdida de memoria debido a llamadas perdidas a la función free. • https://github.com/gpg/boa/pull/1 https://github.com/gpg/boa/pull/1/commits/e139b87835994d007fbd64eead6c1455d7b8cf4e • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-21027
https://notcve.org/view.php?id=CVE-2018-21027
Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-memory (OOM) condition because malloc is mishandled. Boa versiones hasta 0.94.14rc21, permite a atacantes remotos desencadenar una condición fuera de la memoria (OOM) porque malloc es manejada inapropiadamente. • https://github.com/gpg/boa/pull/1 https://github.com/gpg/boa/pull/1/commits/e139b87835994d007fbd64eead6c1455d7b8cf4e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •