Known Vulnerabilities for products from Embedthis
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Embedthis".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-43298 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-01-25 | 2022-02-01 |
| CVE-2021-42342 json | An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to ... | 9.8 - CRITICAL | 2021-10-14 | 2021-10-20 |
| CVE-2021-41615 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-08-08 | 2022-08-12 |
| CVE-2021-33254 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-06-02 | 2022-06-09 |
| CVE-2020-15689 json | Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that la... | 7.5 - HIGH | 2020-07-13 | 2023-01-27 |
| CVE-2020-15688 json | The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. Thi... | 8.8 - HIGH | 2020-07-23 | 2023-01-31 |
| CVE-2019-19240 json | Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a ... | 5.3 - MEDIUM | 2019-11-22 | 2020-08-24 |
| CVE-2019-16645 json | An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create l... | 8.6 - HIGH | 2019-09-20 | 2020-08-24 |
| CVE-2019-12822 json | In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, o... | 7.5 - HIGH | 2019-06-14 | 2021-07-21 |
| CVE-2019-5097 json | A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server ap... | 7.5 - HIGH | 2019-12-03 | 2022-06-17 |
| CVE-2019-5096 json | An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead... | 9.8 - CRITICAL | 2019-12-03 | 2022-06-17 |
| CVE-2018-15505 json | An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially craf... | 7.5 - HIGH | 2018-08-18 | 2023-06-22 |
| CVE-2018-15504 json | An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fi... | 7.5 - HIGH | 2018-08-18 | 2023-06-22 |
| CVE-2018-8715 json | The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http... | 8.1 - HIGH | 2018-03-15 | 2020-02-17 |
| CVE-2017-1000471 json | EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory ... | 9.8 - CRITICAL | 2018-01-03 | 2018-01-17 |
| CVE-2017-1000470 json | EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable to an integer overflow in the HTTP listener resulting in... | 7.5 - HIGH | 2018-01-03 | 2018-01-12 |
| CVE-2017-17562 json | Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This i... | Not Provided | 2017-12-12 | 2026-04-21 |
| CVE-2017-14149 json | GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a ... | 7.5 - HIGH | 2017-09-05 | 2017-09-05 |
| CVE-2017-5675 json | A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, ... | 8.8 - HIGH | 2017-03-13 | 2017-03-15 |
| CVE-2017-5674 json | A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allo... | 9.8 - CRITICAL | 2017-03-13 | 2017-03-15 |