Vulnerabilities > Embedthis

DATE CVE VULNERABILITY TITLE RISK
2021-10-14 CVE-2021-42342 Unrestricted Upload of File with Dangerous Type vulnerability in Embedthis Goahead
An issue was discovered in GoAhead 4.x and 5.x before 5.1.5.
network
low complexity
embedthis CWE-434
7.5
2020-07-23 CVE-2020-15688 Authentication Bypass by Capture-replay vulnerability in Embedthis Goahead
The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks.
network
embedthis CWE-294
6.8
2020-07-13 CVE-2020-15689 NULL Pointer Dereference vulnerability in Embedthis Appweb
Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range.
network
low complexity
embedthis CWE-476
5.0
2019-12-03 CVE-2019-5097 Infinite Loop vulnerability in Embedthis Goahead 3.6.5/4.1.1/5.0.1
A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5.
network
low complexity
embedthis CWE-835
5.0
2019-12-03 CVE-2019-5096 Use After Free vulnerability in Embedthis Goahead 3.6.5/4.1.1/5.0.1
An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5.
network
low complexity
embedthis CWE-416
7.5
2019-11-22 CVE-2019-19240 Use of Uninitialized Resource vulnerability in Embedthis Goahead
Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header.
network
low complexity
embedthis CWE-908
5.0
2019-09-20 CVE-2019-16645 Code Injection vulnerability in Embedthis Goahead 2.5.0
An issue was discovered in Embedthis GoAhead 2.5.0.
network
low complexity
embedthis CWE-94
5.0
2019-06-14 CVE-2019-12822 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Embedthis Goahead
In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself.
network
low complexity
embedthis CWE-119
5.0
2018-08-18 CVE-2018-15505 NULL Pointer Dereference vulnerability in Embedthis Appweb and Goahead
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2.
network
low complexity
embedthis CWE-476
5.0
2018-08-18 CVE-2018-15504 NULL Pointer Dereference vulnerability in Embedthis Appweb and Goahead
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2.
network
low complexity
embedthis CWE-476
5.0