Vulnerabilities > Embedthis
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-08 | CVE-2021-41615 | Insufficient Entropy vulnerability in Embedthis Goahead 2.1.8: websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 (or RFC 2617 section 3.2.1). | 9.8 |
2022-06-02 | CVE-2021-33254 | NULL Pointer Dereference vulnerability in Embedthis Appweb 8.2.1: An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1 that allows attackers to cause a denial of service via the stream parameter to the parseUri function. | 7.5 |
2022-01-25 | CVE-2021-43298 | Improper Restriction of Excessive Authentication Attempts vulnerability in Embedthis Goahead: The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. | 9.8 |
2021-10-14 | CVE-2021-42342 | Unrestricted Upload of File with Dangerous Type vulnerability in Embedthis Goahead: An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. | 9.8 |
2020-07-23 | CVE-2020-15688 | Authentication Bypass by Capture-replay vulnerability in Embedthis Goahead: The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. | 8.8 |
2020-07-13 | CVE-2020-15689 | NULL Pointer Dereference vulnerability in Embedthis Appweb: Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. | 7.5 |
2019-12-03 | CVE-2019-5097 | Infinite Loop vulnerability in Embedthis Goahead 3.6.5/4.1.1/5.0.1: A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. | 7.5 |
2019-12-03 | CVE-2019-5096 | Use After Free vulnerability in Embedthis Goahead 3.6.5/4.1.1/5.0.1: An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. | 9.8 |
2019-11-22 | CVE-2019-19240 | Use of Uninitialized Resource vulnerability in Embedthis Goahead: Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. | 5.3 |
2019-09-20 | CVE-2019-16645 | Code Injection vulnerability in Embedthis Goahead 2.5.0: An issue was discovered in Embedthis GoAhead 2.5.0. | 8.6 |