Lucene search
K
LitespeedtechOpenlitespeed

12 matches found

CVE
CVE
added 2022/10/27 7:30 p.m.291 views

CVE-2022-0073

CVE-2022-0073 affects LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards. The vulnerability is an Improper Input Validation that enables Command Injection. Affected versions are OpenLiteSpeed Web Server 1.7.0.x up to 1.7.16.0 (and corresponding OpenLiteSpeed/LiteS...

8.8CVSS8.8AI score0.08663EPSS
In wild
CVE
CVE
added 2022/10/27 7:32 p.m.202 views

CVE-2022-0074

CVE-2022-0074 affects LiteSpeed/OpenLiteSpeed Web Server and Container. Affected: OpenLiteSpeed Web Server and LiteSpeed Web Server Container, versions 1.6.15–before 1.7.16.1. Root cause: Untrusted Search Path, enabling Privilege Escalation. Impact: Privilege elevation as stated across Red Hat, N...

8.8CVSS8.8AI score0.01154EPSS
In wild
CVE
CVE
added 2024/05/22 5:42 p.m.123 views

CVE-2024-31617

OpenLiteSpeed before 1.8.1 mishandles chunked encoding. Affected software: OpenLiteSpeed (web server). Root cause: mishandling of chunked encoding. Impact stated in sources is limited to the server misbehavior; no explicit exploitation details are provided in the documents. Mitigation: upgrade to...

5.3CVSS6.8AI score0.00438EPSS
CVE
CVE
added 2022/10/27 7:28 p.m.78 views

CVE-2022-0072

CVE-2022-0072 is a Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards. Affected open-source and enterprise variants include OpenLiteSpeed/Web Server dashboards versions 1.5.11–1.5.12, 1.6.5–1.6.20.1, and 1.7.0–1.7.16.x; and Lit...

5.8CVSS6.1AI score0.00971EPSS
CVE
CVE
added 2020/01/06 12:54 p.m.73 views

CVE-2020-5519

The CVE-2020-5519 issue affects OpenLiteSpeed’s WebAdmin Console prior to 1.6.5, where URL validation in the Server Configuration > External App screen is insufficient. This is documented across multiple sources as enabling potential code execution via the WebAdmin Console. A fixed version is ...

9.8CVSS9.4AI score0.01197EPSS
CVE
CVE
added 2021/04/07 8:50 p.m.54 views

CVE-2021-26758

CVE-2021-26758 : Affected product is OpenLiteSpeed web server (LiteSpeed Technologies) v1.7.8. The vulnerability enables privilege escalation by attackers gaining root terminal access and executing commands on the host. NVD CVSSv3.1 base score 8.8 (HIGH; Network attack, low complexity, privileges...

9CVSS9AI score0.02707EPSS
CVE
CVE
added 2023/08/14 12:0 a.m.51 views

CVE-2023-40518

LiteSpeed OpenLiteSpeed

7.5CVSS7.5AI score0.00545EPSS
CVE
CVE
added 2018/12/03 6:0 a.m.50 views

CVE-2018-19791

LiteSpeed OpenLiteSpeed before 1.5.0 RC6 is affected. The server mishandles requests for byte sequences, allowing an attacker to amplify response size by repeatedly requesting the entire response body with an HTTP Range value starting with bytes=0-,0-. This can cause a Denial of Service (availabi...

6.5CVSS6.4AI score0.01239EPSS
CVE
CVE
added 2017/09/20 6:0 p.m.42 views

CVE-2015-3890

CVE-2015-3890 applies to Open Litespeed before 1.3.10, described as a use-after-free vulnerability. Multiple connected sources characterize the issue as a memory misreference that could allow remote-triggered crashes or instability; one CNVD entry explicitly calls it a memory misreference vulnera...

7.5CVSS7.5AI score0.01059EPSS
CVE
CVE
added 2018/12/03 6:0 a.m.41 views

CVE-2018-19792

The vulnerability CVE-2018-19792 affects LiteSpeed OpenLiteSpeed before 1.5.0 RC6. A buffer overflow in the server path resolution (LshttpdMain::getServerRootFromExecutablePath) can be triggered by creating a symlink with a long command name (involving ../../) and allows a local attacker to cause...

6.7CVSS7AI score0.00428EPSS
CVE
CVE
added 2025/08/01 12:0 a.m.38 views

CVE-2025-54939

CVE-2025-54939 affects the LiteSpeed QUIC (LSQUIC) Library prior to 4.3.1, where a memory leak in the lsquic_engine_packet_in path can cause linear memory growth and potential DoS. The vulnerability is triggered by mis-handling coalesced QUIC Initial packets before a handshake, leading to memory ...

7.5CVSS7.2AI score0.00766EPSS
CVE
CVE
added 2026/03/16 5:21 a.m.18 views

CVE-2026-31386

OpenLiteSpeed and LSWS Enterprise (LiteSpeed Technologies) are affected by CVE-2026-31386, an OS command injection (CWE-78). The vulnerability allows an arbitrary OS command to be executed by an attacker with administrative privileges. Public sources corroborate impact as arbitrary command execut...

8.6CVSS7.1AI score0.01513EPSS