Known Vulnerabilities for products from Embedthis
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Embedthis".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-43298 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-01-25 | 2022-02-01 |
| CVE-2021-42342 | An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to ... | 9.8 - CRITICAL | 2021-10-14 | 2021-10-20 |
| CVE-2021-41615 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-08-08 | 2022-08-12 |
| CVE-2021-33254 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-06-02 | 2022-06-09 |
| CVE-2020-15689 | Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that la... | 7.5 - HIGH | 2020-07-13 | 2023-01-27 |
| CVE-2020-15688 | The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. Thi... | 8.8 - HIGH | 2020-07-23 | 2023-01-31 |
| CVE-2019-19240 | Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a ... | 5.3 - MEDIUM | 2019-11-22 | 2020-08-24 |
| CVE-2019-16645 | An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create l... | 8.6 - HIGH | 2019-09-20 | 2020-08-24 |
| CVE-2019-12822 | In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, o... | 7.5 - HIGH | 2019-06-14 | 2021-07-21 |
| CVE-2019-5097 | A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server ap... | 7.5 - HIGH | 2019-12-03 | 2022-06-17 |
| CVE-2019-5096 | An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead... | 9.8 - CRITICAL | 2019-12-03 | 2022-06-17 |
| CVE-2018-15505 | An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially craf... | 7.5 - HIGH | 2018-08-18 | 2023-06-22 |
| CVE-2018-15504 | An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fi... | 7.5 - HIGH | 2018-08-18 | 2023-06-22 |
| CVE-2018-8715 | The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http... | 8.1 - HIGH | 2018-03-15 | 2020-02-17 |
| CVE-2017-1000471 | EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory ... | 9.8 - CRITICAL | 2018-01-03 | 2018-01-17 |
| CVE-2017-1000470 | EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable to an integer overflow in the HTTP listener resulting in... | 7.5 - HIGH | 2018-01-03 | 2018-01-12 |
| CVE-2017-17562 | Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This i... | 8.1 - HIGH | 2017-12-12 | 2018-04-20 |
| CVE-2017-14149 | GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a ... | 7.5 - HIGH | 2017-09-05 | 2017-09-05 |
| CVE-2017-5675 | A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, ... | 8.8 - HIGH | 2017-03-13 | 2017-03-15 |
| CVE-2017-5674 | A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allo... | 9.8 - CRITICAL | 2017-03-13 | 2017-03-15 |