Acme
Products by Acme Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2024 there have been 1 vulnerability in Acme with an average score of 7.5 out of ten. Acme did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2024 as compared to last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 1 | 7.50 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 1 | 6.50 |
It may take a day or so for new Acme vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Acme Security Vulnerabilities
A vulnerability was found in ACME Ultra Mini HTTPd 1.21
CVE-2024-0263
7.5 - High
- January 07, 2024
A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified as problematic. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-249819.
Improper Resource Shutdown or Release
ACME mini_httpd before 1.30 lets remote users read arbitrary files.
CVE-2018-18778
6.5 - Medium
- October 29, 2018
ACME mini_httpd before 1.30 lets remote users read arbitrary files.
Information Disclosure
Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers
CVE-2014-4927
- July 24, 2014
Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request.
Buffer Overflow
thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which
CVE-2013-0348
- December 13, 2013
thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.
Permissions, Privileges, and Access Controls
thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might
CVE-2009-4491
- January 13, 2010
thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
Improper Input Validation
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests
CVE-2003-0899
9.8 - Critical
- November 03, 2003
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "<" and ">" sequences.
Incorrect Calculation of Buffer Size
Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20
CVE-2001-1496
9.8 - Critical
- December 31, 2001
Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
off-by-five
Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled
CVE-2001-0892
- November 13, 2001
Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.
Exposure of Resource to Wrong Sphere