CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers. • https://openlitespeed.org/release-log/version-1-7-x https://www.litespeedtech.com/products/litespeed-web-server/release-log

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1. • https://github.com/litespeedtech/ols-dockerfiles/blob/master/template/Dockerfile#L29 • CWE-426: Untrusted Search Path

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1. • https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/dist/admin/html.open/lib/CValidation.php#L565 https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/dist/admin/html.open/lib/CValidation.php#L565 • CWE-20: Improper Input Validation

CVSS: 5.8 • EPSS: 0% • CPEs: 4 • EXPL: 2

Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1. • https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/src/main/httpserver.cpp#L2060-L2061 https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/src/main/httpserver.cpp#L2060-L2061 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.0 • EPSS: 15% • CPEs: 1 • EXPL: 3

Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system. • https://docs.unsafe-inline.com/0day/openlitespeed-web-server-1.7.8-command-injection-to-privilege-escalation-cve-2021-26758 https://github.com/litespeedtech/openlitespeed/issues/217 https://www.exploit-db.com/exploits/49556 • CWE-269: Improper Privilege Management