Openlitespeed
Monthly
OpenLiteSpeed and LSWS Enterprise web servers contain an OS command injection vulnerability that allows attackers with administrative privileges to execute arbitrary system commands. All versions of both products are affected according to EUVD data. While requiring high privileges limits the attack surface, successful exploitation grants complete system control with high impact to confidentiality, integrity, and availability (CVSS 7.2).
LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
OpenLiteSpeed and LSWS Enterprise web servers contain an OS command injection vulnerability that allows attackers with administrative privileges to execute arbitrary system commands. All versions of both products are affected according to EUVD data. While requiring high privileges limits the attack surface, successful exploitation grants complete system control with high impact to confidentiality, integrity, and availability (CVSS 7.2).
LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.