CVE-2022-46800 – WordPress LiteSpeed Cache Plugin <= 5.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-46800
Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache plugin <= 5.3 versions. The LiteSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rest_api_init function in versions up to, and including, 5.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to activate or deactivate arbitrary crawlers. • https://patchstack.com/database/vulnerability/litespeed-cache/wordpress-litespeed-cache-plugin-5-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization
CVE-2022-0074 – Privilege Escalation in OpenLiteSpeed Web Server
https://notcve.org/view.php?id=CVE-2022-0074
Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1. • https://github.com/litespeedtech/ols-dockerfiles/blob/master/template/Dockerfile#L29 • CWE-426: Untrusted Search Path
CVE-2022-0073 – Authenticated Remote Code Execution in OpenLiteSpeed Web Server
https://notcve.org/view.php?id=CVE-2022-0073
Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1. • https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/dist/admin/html.open/lib/CValidation.php#L565 https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/dist/admin/html.open/lib/CValidation.php#L565 • CWE-20: Improper Input Validation
CVE-2022-0072 – Directory Traversal in OpenLiteSpeed Web Server
https://notcve.org/view.php?id=CVE-2022-0072
Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, and from 1.7.0 before 1.7.16.1. • https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/src/main/httpserver.cpp#L2060-L2061 https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/src/main/httpserver.cpp#L2060-L2061 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-30592
https://notcve.org/view.php?id=CVE-2022-30592
liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY. • https://github.com/litespeedtech/lsquic/commit/a74702c630e108125e71898398737baec8f02238#diff-73a138506faffe5f1efa8586346ab573c88e9dd2097774ecca5949a718a57cae https://github.com/litespeedtech/lsquic/releases/tag/v3.1.0 • CWE-476: NULL Pointer Dereference