CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40518
https://notcve.org/view.php?id=CVE-2023-40518
14 Aug 2023 — LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers. • https://openlitespeed.org/release-log/version-1-7-x •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0074 – Privilege Escalation in OpenLiteSpeed Web Server
https://notcve.org/view.php?id=CVE-2022-0074
27 Oct 2022 — Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1. Vulnerabilidad de Untrusted Search Path en LiteSpeed ??Technologies OpenLiteSpeed ??Web Server y LiteSpeed ?? • https://github.com/litespeedtech/ols-dockerfiles/blob/master/template/Dockerfile#L29 • CWE-426: Untrusted Search Path •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2022-0073 – Authenticated Remote Code Execution in OpenLiteSpeed Web Server
https://notcve.org/view.php?id=CVE-2022-0073
27 Oct 2022 — Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1. Vulnerabilidad de Improper Input Validation en los dashboards de LiteSpeed ??Technologies OpenLiteSpeed ??Web Server y LiteSpeed ?? • https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/dist/admin/html.open/lib/CValidation.php#L565 • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 2CVE-2022-0072 – Directory Traversal in OpenLiteSpeed Web Server
https://notcve.org/view.php?id=CVE-2022-0072
27 Oct 2022 — Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1 Vulnerabilidad de Directory Traversal en LiteSeep Technologies OpenLiteSpeed ??Web Server y LiteSpeed ??Web Server permite Path Traversal. Esto afecta a las versiones desde la 1.5.11 hasta la 1.5.12, desde la 1.6.5 hasta la 1.6.20.1, desde la 1.7.0 anterior a la... • https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/src/main/httpserver.cpp#L2060-L2061 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 3CVE-2021-26758
https://notcve.org/view.php?id=CVE-2021-26758
07 Apr 2021 — Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system. Una Escalada de privilegios en el servidor web LiteSpeed ??Technologies OpenLiteSpeed ??versión 1.7.8, permite a atacantes obtener acceso terminal root y ejecutar comandos en el sistema host • https://docs.unsafe-inline.com/0day/openlitespeed-web-server-1.7.8-command-injection-to-privilege-escalation-cve-2021-26758 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5519
https://notcve.org/view.php?id=CVE-2020-5519
06 Jan 2020 — The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration > External App" screen. La WebAdmin Console en OpenLiteSpeed ??versiones anteriores a la versión v1.6.5 no comprueba estrictamente las URL de petición, como es demostrado por la pantalla "Server Configuration > External App". • https://drive.google.com/open?id=1pSciFEfjHp3kN8y5shy_zosJo7dje_fX • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2018-19791
https://notcve.org/view.php?id=CVE-2018-19791
03 Dec 2018 — The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substring. El servidor en LiteSpeed OpenLiteSpeed en versiones anteriores a la 1.5.0 RC6 no manipula correctamente las peticiones para secuencias de bytes, permitiendo a un atacante que amplíe el tamaño de la respuesta al ... • https://github.com/litespeedtech/openlitespeed/issues/117 • CWE-20: Improper Input Validation •
CVSS: 6.7EPSS: 0%CPEs: 6EXPL: 1CVE-2018-19792
https://notcve.org/view.php?id=CVE-2018-19792
03 Dec 2018 — The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have unspecified other impact by creating a symlink through which the openlitespeed program can be invoked with a long command name (involving ../ characters), which is mishandled in the LshttpdMain::getServerRootFromExecutablePath function. El servidor en LiteSpeed OpenLiteSpeed en versiones anteriores a la 1.5.0 RC6 permite que los usuarios locales provoquen una denegación d... • https://github.com/litespeedtech/openlitespeed/issues/117 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3890
https://notcve.org/view.php?id=CVE-2015-3890
20 Sep 2017 — Use-after-free vulnerability in Open Litespeed before 1.3.10. Existe una vulnerabilidad de uso de memoria previamente liberada en Open Litespeed en versiones anteriores a la 1.3.10. • http://www.security-assessment.com/files/documents/advisory/Open%20Litespeed%20Use%20After%20Free%20Vulnerability.pdf • CWE-416: Use After Free •