12 matches found
CVE-2022-0073
CVE-2022-0073 affects LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards. The vulnerability is an Improper Input Validation that enables Command Injection. Affected versions are OpenLiteSpeed Web Server 1.7.0.x up to 1.7.16.0 (and corresponding OpenLiteSpeed/LiteS...
CVE-2022-0074
CVE-2022-0074 affects LiteSpeed/OpenLiteSpeed Web Server and Container. Affected: OpenLiteSpeed Web Server and LiteSpeed Web Server Container, versions 1.6.15–before 1.7.16.1. Root cause: Untrusted Search Path, enabling Privilege Escalation. Impact: Privilege elevation as stated across Red Hat, N...
CVE-2024-31617
OpenLiteSpeed before 1.8.1 mishandles chunked encoding. Affected software: OpenLiteSpeed (web server). Root cause: mishandling of chunked encoding. Impact stated in sources is limited to the server misbehavior; no explicit exploitation details are provided in the documents. Mitigation: upgrade to...
CVE-2022-0072
CVE-2022-0072 is a Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards. Affected open-source and enterprise variants include OpenLiteSpeed/Web Server dashboards versions 1.5.11–1.5.12, 1.6.5–1.6.20.1, and 1.7.0–1.7.16.x; and Lit...
CVE-2020-5519
The CVE-2020-5519 issue affects OpenLiteSpeed’s WebAdmin Console prior to 1.6.5, where URL validation in the Server Configuration > External App screen is insufficient. This is documented across multiple sources as enabling potential code execution via the WebAdmin Console. A fixed version is ...
CVE-2021-26758
CVE-2021-26758 : Affected product is OpenLiteSpeed web server (LiteSpeed Technologies) v1.7.8. The vulnerability enables privilege escalation by attackers gaining root terminal access and executing commands on the host. NVD CVSSv3.1 base score 8.8 (HIGH; Network attack, low complexity, privileges...
CVE-2023-40518
LiteSpeed OpenLiteSpeed
CVE-2018-19791
LiteSpeed OpenLiteSpeed before 1.5.0 RC6 is affected. The server mishandles requests for byte sequences, allowing an attacker to amplify response size by repeatedly requesting the entire response body with an HTTP Range value starting with bytes=0-,0-. This can cause a Denial of Service (availabi...
CVE-2015-3890
CVE-2015-3890 applies to Open Litespeed before 1.3.10, described as a use-after-free vulnerability. Multiple connected sources characterize the issue as a memory misreference that could allow remote-triggered crashes or instability; one CNVD entry explicitly calls it a memory misreference vulnera...
CVE-2018-19792
The vulnerability CVE-2018-19792 affects LiteSpeed OpenLiteSpeed before 1.5.0 RC6. A buffer overflow in the server path resolution (LshttpdMain::getServerRootFromExecutablePath) can be triggered by creating a symlink with a long command name (involving ../../) and allows a local attacker to cause...
CVE-2025-54939
CVE-2025-54939 affects the LiteSpeed QUIC (LSQUIC) Library prior to 4.3.1, where a memory leak in the lsquic_engine_packet_in path can cause linear memory growth and potential DoS. The vulnerability is triggered by mis-handling coalesced QUIC Initial packets before a handshake, leading to memory ...
CVE-2026-31386
OpenLiteSpeed and LSWS Enterprise (LiteSpeed Technologies) are affected by CVE-2026-31386, an OS command injection (CWE-78). The vulnerability allows an arbitrary OS command to be executed by an attacker with administrative privileges. Public sources corroborate impact as arbitrary command execut...