CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

RedhatCVE•added 2022/05/21 12:4 a.m.•56 views

CVE-2020-24916

CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...

10CVSS4AI score0.17374EPSS

Exploits3References1

Tenable Nessus•added 2020/10/19 12:0 a.m.•42 views

Debian DSA-4773-1 : yaws - security update

Two vulnerabilities were discovered in yaws, a high performance HTTP 1.1 webserver written in Erlang. - CVE-2020-24379 The WebDAV implementation is prone to a XML External Entity XXE injection vulnerability. - CVE-2020-24916 The CGI implementation does not properly sanitize CGI requests allowing ...

10CVSS8.5AI score0.17374EPSS

Exploits4References7

OpenVAS•added 2020/10/17 12:0 a.m.•19 views

Debian: Security Advisory (DSA-4773-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9.6AI score0.17374EPSS

Exploits4References4

Ubuntu•added 2020/10/05 1:32 p.m.•83 views

USN-4569-1: Yaws vulnerabilities

It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity XXE injection attack. CVE-2020-24379 It was discovered that Yaws mishandled certain input when running CGI scripts. A remote attacker could use this...

10CVSS8.4AI score0.17374EPSS

Exploits4

OpenVAS•added 2020/09/27 12:0 a.m.•19 views

Debian: Security Advisory (DLA-2384-1)

10CVSS9.6AI score0.17374EPSS

Exploits4References4

ArchLinux•added 2020/09/26 12:0 a.m.•34 views

[ASA-202009-14] yaws: multiple issues

Arch Linux Security Advisory ASA-202009-14 ========================================== Severity: High Date : 2020-09-26 CVE-ID : CVE-2020-12872 CVE-2020-24379 CVE-2020-24916 Package : yaws Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1228 Summary ======= The packag...

10CVSS1.8AI score0.17374EPSS

Exploits5References13

NVD•added 2020/09/09 7:15 p.m.•17 views

CVE-2020-24916

CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...

10CVSS0.17374EPSS

Exploits3References7

OSV•added 2020/09/09 7:15 p.m.•19 views

CVE-2020-24916

CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...

9.8CVSS7AI score

Exploits0References7

UbuntuCve•added 2020/09/09 7:15 p.m.•51 views

CVE-2020-24916

CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...

10CVSS7.2AI score0.17374EPSS

Exploits3References4

CVE•added 2020/09/09 6:10 p.m.•132 views

CVE-2020-24916

CVE-2020-24916 affects the Yaws web server CGI implementation, with versions 1.81–2.0.7 vulnerable. The root cause is that CGI requests are not properly sanitized, enabling a remote attacker to execute arbitrary shell commands by crafting CGI executable names. This is a remote, unauthenticated co...

10CVSS9.4AI score0.17374EPSS

Exploits3References7Affected Software1

Debian CVE•added 2020/09/09 6:10 p.m.•24 views

CVE-2020-24916

CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...

10CVSS4AI score0.17374EPSS

Exploits3

Packet Storm•added 2020/09/08 12:0 a.m.•679 views

Yaws 2.0.7 XML Injection / Command Injection

Exploit Title: Multiple vulnerabilities in Yaws web server Date: 2020-08-10 Exploit Author: Alexey Pronin （vulnbe） Vendor Homepage: http://yaws.hyber.org/ Software Link: https://github.com/erlyaws/yaws Versions affected: 1.81 - 2.0.7 CVE: CVE-2020-24379, CVE-2020-24916 1. Description:...

0.1AI score0.17374EPSS

Exploits4