Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33558 | 1 Boa | 1 Boa | 2023-02-22 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those files are not part of Boa. | |||||
| CVE-2017-9833 | 1 Boa | 1 Boa | 2023-02-14 | 7.8 HIGH | 7.5 HIGH |
| ** DISPUTED ** /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because Boa does not include any wapopen program or any code to read a FILECAMERA variable. | |||||
| CVE-2022-45956 | 1 Boa | 1 Boa | 2022-12-15 | N/A | 5.3 MEDIUM |
| Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism. | |||||
| CVE-2022-44117 | 1 Boa | 1 Boa | 2022-11-28 | N/A | 9.8 CRITICAL |
| Boa 0.94.14rc21 is vulnerable to SQL Injection via username. | |||||
| CVE-2018-21027 | 1 Boa | 1 Boa | 2019-10-16 | 7.5 HIGH | 9.8 CRITICAL |
| Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-memory (OOM) condition because malloc is mishandled. | |||||
| CVE-2018-21028 | 1 Boa | 1 Boa | 2019-10-16 | 5.0 MEDIUM | 7.5 HIGH |
| Boa through 0.94.14rc21 allows remote attackers to trigger a memory leak because of missing calls to the free function. | |||||
| CVE-2009-4496 | 1 Boa | 1 Boa | 2018-10-10 | 5.0 MEDIUM | N/A |
| Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. | |||||
| CVE-2016-9564 | 1 Boa | 1 Boa | 2016-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters. | |||||