Vulnerabilities > Embedthis > High

DATE CVE VULNERABILITY TITLE RISK
2022-06-02 CVE-2021-33254 NULL Pointer Dereference vulnerability in Embedthis Appweb 8.2.1
An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream paramter to the parseUri function.
network
low complexity
embedthis CWE-476
7.5
7.5
2020-07-23 CVE-2020-15688 Authentication Bypass by Capture-replay vulnerability in Embedthis Goahead
The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks.
network
low complexity
embedthis CWE-294
8.8
8.8
2020-07-13 CVE-2020-15689 NULL Pointer Dereference vulnerability in Embedthis Appweb
Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range.
network
low complexity
embedthis CWE-476
7.5
7.5
2019-12-03 CVE-2019-5097 Infinite Loop vulnerability in Embedthis Goahead 3.6.5/4.1.1/5.0.1
A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5.
network
low complexity
embedthis CWE-835
7.5
7.5
2019-09-20 CVE-2019-16645 Code Injection vulnerability in Embedthis Goahead 2.5.0
An issue was discovered in Embedthis GoAhead 2.5.0.
network
low complexity
embedthis CWE-94
8.6
8.6
2019-06-14 CVE-2019-12822 Expression Language Injection vulnerability in Embedthis Goahead
In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself.
network
low complexity
embedthis CWE-917
7.5
7.5
2018-08-18 CVE-2018-15505 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2.
network
low complexity
embedthis juniper CWE-476
7.5
7.5
2018-08-18 CVE-2018-15504 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2.
network
low complexity
embedthis juniper CWE-476
7.5
7.5
2018-03-15 CVE-2018-8715 Improper Authentication vulnerability in Embedthis Appweb
The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c.
network
high complexity
embedthis CWE-287
8.1
8.1
2018-01-03 CVE-2017-1000470 Integer Overflow or Wraparound vulnerability in Embedthis Goahead web Server 4.0.0
EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable to an integer overflow in the HTTP listener resulting in denial of service.
network
low complexity
embedthis CWE-190
7.5
7.5