Vulnerabilities > BOA > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-12 | CVE-2022-45956 | Incorrect Authorization vulnerability in BOA 0.94.13/0.94.14 Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism. | 5.3 |
| 2019-10-11 | CVE-2018-21028 | Missing Release of Resource after Effective Lifetime vulnerability in BOA Boa through 0.94.14rc21 allows remote attackers to trigger a memory leak because of missing calls to the free function. | 5.0 |
| 2010-01-13 | CVE-2009-4496 | Improper Input Validation vulnerability in BOA 0.94.14Rc21 Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. | 5.0 |
| 2000-12-19 | CVE-2000-0920 | Unspecified vulnerability in BOA Webserver Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified .. | 5.0 |