lighttpd lighttpd vulnerabilities and exploits
5
CVSSv2
CVE-2020-24573
BAB TECHNOLOGIE GmbH eibPort V3 before 3.8.3 devices allow denial of service (Uncontrolled Resource Consumption) via requests to the lighttpd component.
Bab-technologie Eibport Firmware
5
CVSSv2
CVE-2019-5149
The WBM web application on firmwares before 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of ...
Wago Pfc200 Firmware 03.00.39(12)
Wago Pfc200 Firmware 03.01.07(13)
Wago Pfc100 Firmware 03.00.39(12)
Wago Pfc100 Firmware 03.01.07(13)
4.3
CVSSv2
CVE-2013-3619
Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain hardcoded private encryption keys for the (1) Lighttpd web server SSL interfa...
Supermicro Smt X9 Firmware
Supermicro Smt X8 Firmware
Citrix Netscaler Sdx Firmware 10
Citrix Netscaler Firmware -
Citrix Netscaler Sd-wan Firmware -
NA
CVE-2007-2841
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-3947. Reason: This candidate is a reservation duplicate of CVE-2007-3947. Notes: All CVE users should reference CVE-2007-3947 instead of this candidate. All references and descriptions in this candidate have ...
7.5
CVSSv2
CVE-2019-11072
lighttpd prior to 1.4.54 has a signed integer overflow, which might allow remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_...
Lighttpd Lighttpd
2 Github repositories
7.5
CVSSv2
CVE-2019-10655
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 prior to 1.0.3.219 Beta, and GXV3240 prior to 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a...
Grandstream Gac2500 Firmware
Grandstream Gvc3202 Firmware
Grandstream Gxv3275 Firmware
Grandstream Gxv3240 Firmware
Grandstream Gxp2200 Firmware
5
CVSSv2
CVE-2018-19052
An issue exists in mod_alias_physical_handler in mod_alias.c in lighttpd prior to 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, b...
Lighttpd Lighttpd
Opensuse Backports Sle 15.0
Opensuse Leap 15.0
Opensuse Leap 15.1
Suse Suse Linux Enterprise Server 11
Suse Suse Linux Enterprise Server 12
Debian Debian Linux 9.0
3 Github repositories
1.9
CVSSv2
CVE-2017-2624
It was found that xorg-x11-server prior to 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is...
X.org Xorg-server
Debian Debian Linux 7.0
1 Github repository
6.5
CVSSv2
CVE-2017-16524
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated malicious users to upload and execute arbitrary PHP code via a filename with a .php extension, which is then ac...
Hanwhasecurity Web Viewer 1.0.0.193
1 EDB exploit
1 Github repository
NA
CVE-2016-1000212
Dominic Scheirlinck and Scott Geary of Vend reported insecure behavior in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTP_PROXY environment variables, allowing remote attackers to carry out Man in the Middle (MITM) attacks or i...