Vulnerabilities > Embedthis > Goahead > High

DATE CVE VULNERABILITY TITLE RISK
2021-10-14 CVE-2021-42342 Unrestricted Upload of File with Dangerous Type vulnerability in Embedthis Goahead
An issue was discovered in GoAhead 4.x and 5.x before 5.1.5.
network
low complexity
embedthis CWE-434
7.5
2020-07-23 CVE-2020-15688 Authentication Bypass by Capture-replay vulnerability in Embedthis Goahead
The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks.
network
low complexity
embedthis CWE-294
8.8
2019-12-03 CVE-2019-5096 Use After Free vulnerability in Embedthis Goahead 3.6.5/4.1.1/5.0.1
An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5.
network
low complexity
embedthis CWE-416
7.5
2018-08-18 CVE-2018-15505 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2.
network
low complexity
embedthis juniper CWE-476
7.5
2018-08-18 CVE-2018-15504 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2.
network
low complexity
embedthis juniper CWE-476
7.5
2018-01-03 CVE-2017-1000471 NULL Pointer Dereference vulnerability in Embedthis Goahead 4.0.0
EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service.
network
low complexity
embedthis CWE-476
7.5
2017-12-12 CVE-2017-17562 Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.
network
high complexity
embedthis oracle
8.1
2015-03-31 CVE-2014-9707 Code vulnerability in Embedthis Goahead
EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a .
network
low complexity
embedthis CWE-17
7.5