Vulnerabilities > Embedthis > Goahead > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-23 | CVE-2020-15688 | Authentication Bypass by Capture-replay vulnerability in Embedthis Goahead The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. | 8.8 |
| 2019-12-03 | CVE-2019-5097 | Infinite Loop vulnerability in Embedthis Goahead 3.6.5/4.1.1/5.0.1 A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. | 7.5 |
| 2019-09-20 | CVE-2019-16645 | Code Injection vulnerability in Embedthis Goahead 2.5.0 An issue was discovered in Embedthis GoAhead 2.5.0. | 8.6 |
| 2019-06-14 | CVE-2019-12822 | Expression Language Injection vulnerability in Embedthis Goahead In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself. | 7.5 |
| 2018-08-18 | CVE-2018-15505 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. | 7.5 |
| 2018-08-18 | CVE-2018-15504 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. | 7.5 |
| 2017-12-12 | CVE-2017-17562 | Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. | 8.1 |
| 2017-09-05 | CVE-2017-14149 | NULL Pointer Dereference vulnerability in Embedthis Goahead GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request. | 7.5 |
| 2017-03-13 | CVE-2017-5675 | Command Injection vulnerability in Embedthis Goahead A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. | 8.8 |