Vulnerabilities > Embedthis > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-14 | CVE-2021-42342 | Unrestricted Upload of File with Dangerous Type vulnerability in Embedthis Goahead An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. | 7.5 |
| 2020-07-23 | CVE-2020-15688 | Authentication Bypass by Capture-replay vulnerability in Embedthis Goahead The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. | 8.8 |
| 2020-07-13 | CVE-2020-15689 | NULL Pointer Dereference vulnerability in Embedthis Appweb Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. | 7.5 |
| 2019-12-03 | CVE-2019-5096 | Use After Free vulnerability in Embedthis Goahead 3.6.5/4.1.1/5.0.1 An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. | 7.5 |
| 2018-08-18 | CVE-2018-15505 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. | 7.5 |
| 2018-08-18 | CVE-2018-15504 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. | 7.5 |
| 2018-01-03 | CVE-2017-1000471 | NULL Pointer Dereference vulnerability in Embedthis Goahead 4.0.0 EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service. | 7.5 |
| 2017-12-12 | CVE-2017-17562 | Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. | 8.1 |
| 2015-03-31 | CVE-2014-9707 | Code vulnerability in Embedthis Goahead EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . | 7.5 |