Known Vulnerabilities for products from Yaws
Listed below are 11 of the newest known vulnerabilities associated with the vendor "Yaws".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-24916 | CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. | 9.8 - CRITICAL | 2020-09-09 | 2022-12-06 |
| CVE-2020-24379 | WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. | 9.8 - CRITICAL | 2020-09-09 | 2022-12-06 |
| CVE-2020-12872 | yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 att... | 5.5 - MEDIUM | 2020-05-15 | 2023-11-07 |
| CVE-2017-10974 | Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CV... | Not Provided | 2017-07-07 | 2025-04-20 |
| CVE-2016-1000108 | yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI ... | 6.1 - MEDIUM | 2019-12-10 | 2020-08-18 |
| CVE-2011-5025 | Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arb... | Not Provided | 2011-12-29 | 2026-04-29 |
| CVE-2011-4350 | Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could us... | 6.5 - MEDIUM | 2019-11-26 | 2020-08-18 |
| CVE-2010-4181 | Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\ (dot dot backslash) an... | Not Provided | 2010-11-04 | 2026-04-29 |
| CVE-2009-4495 | Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify... | Not Provided | 2010-01-13 | 2026-04-23 |
| CVE-2009-0751 | Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a lar... | Not Provided | 2009-03-02 | 2026-04-23 |
| CVE-2005-2008 | Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw scr... | Not Provided | 2005-06-17 | 2025-04-03 |
Known software with vulnerabilities from Yaws
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Yaws | Yaws | 1.81 |