Search CVE reports
1 – 10 of 11 results
CVE-2022-45956
Medium priority
Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism.
1 affected package
boa
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
boa | — | Not in release | Not in release | Not in release | Ignored |
CVE-2022-44117
Medium priority
** DISPUTED ** Boa 0.94.14rc21 is vulnerable to SQL Injection via username. NOTE: this is disputed by multiple third parties because Boa does not ship with any support for SQL.
1 affected package
boa
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
boa | — | Not in release | Not in release | Not in release | Ignored |
CVE-2021-33558
Medium priority
** DISPUTED ** Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third...
1 affected package
boa
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
boa | — | Not in release | Not in release | Not in release | Ignored |
CVE-2018-21028
Medium priority
Not in release
Boa through 0.94.14rc21 allows remote attackers to trigger a memory leak because of missing calls to the free function.
1 affected package
boa
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
boa | — | — | — | Not in release | Not in release |
CVE-2018-21027
Medium priority
Not in release
Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-memory (OOM) condition because malloc is mishandled.
1 affected package
boa
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
boa | — | — | — | Not in release | Not in release |
CVE-2019-9976
Medium priority
Not in release
The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface users.
1 affected package
boa
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
boa | — | — | — | Not in release | Not in release |
CVE-2018-19865
Low priority
A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.
1 affected package
qtvirtualkeyboard-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qtvirtualkeyboard-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2017-9833
Medium priority
Not in release
** DISPUTED ** /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is...
1 affected package
boa
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
boa | — | — | — | Not in release | Not in release |
CVE-2016-4972
Medium priority
OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5...
3 affected packages
murano, murano-dashboard, python-muranoclient
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
murano | Not affected | Not affected | Not affected | Not affected | Vulnerable |
murano-dashboard | Not affected | Not affected | Not affected | Not affected | Vulnerable |
python-muranoclient | Not affected | Not affected | Not affected | Not affected | Vulnerable |
CVE-2009-4496
Negligible priority
Some fixes available 1 of 14
Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request...
1 affected package
boa
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
boa | — | — | — | — | Not in release |