embedthis appweb vulnerabilities and exploits
8.1
CVSSv3
CVE-2018-8715
The Embedthis HTTP library, and Appweb versions prior to 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.
Embedthis Appweb
3 Github repositories
7.5
CVSSv3
CVE-2021-33254
An issue exists in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1 that allows malicious users to cause a denial of service via the stream parameter to the parseUri function.
Embedthis Appweb 8.2.1
7.5
CVSSv3
CVE-2020-15689
Appweb prior to 7.2.2 and 8.x prior to 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service.
Embedthis Appweb
7.5
CVSSv3
CVE-2018-15504
An issue exists in Embedthis GoAhead prior to 4.0.1 and Appweb prior to 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 1...
Embedthis Appweb
Embedthis Goahead
Juniper Junos 12.1x46
Juniper Junos 12.3x48
Juniper Junos 15.1x49
Juniper Junos 12.3
Juniper Junos 15.1
Juniper Junos 15.1x53
Juniper Junos 16.1
Juniper Junos 16.2
Juniper Junos 17.1
Juniper Junos 17.2
Juniper Junos 17.3
Juniper Junos 17.4
Juniper Junos 18.1
Juniper Junos 18.2
Juniper Junos 18.3
Juniper Junos 18.4
7.5
CVSSv3
CVE-2018-15505
An issue exists in Embedthis GoAhead prior to 4.0.1 and Appweb prior to 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']...
Embedthis Appweb
Embedthis Goahead
Juniper Junos 15.1
Juniper Junos 16.1
Juniper Junos 12.3
Juniper Junos 15.1x53
Juniper Junos 12.3x48
Juniper Junos 15.1x49
Juniper Junos 16.2
Juniper Junos 17.2
Juniper Junos 17.1
Juniper Junos 17.3
Juniper Junos 17.4
Juniper Junos 18.1
5.3
CVSSv3
CVE-2016-1258
Embedthis Appweb, as used in J-Web in Juniper Junos OS prior to 12.1X44-D60, 12.1X46 prior to 12.1X46-D45, 12.1X47 prior to 12.1X47-D30, 12.3 prior to 12.3R10, 12.3X48 prior to 12.3X48-D20, 13.2X51 prior to 13.2X51-D20, 13.3 prior to 13.3R8, 14.1 prior to 14.1R6, and 14.2 prior t...
Juniper Junos 14.1
Juniper Junos 13.3
Juniper Junos 12.1x44
Juniper Junos 14.2
Juniper Junos 12.3
Juniper Junos 13.2x51
Juniper Junos 12.3x48
Juniper Junos 12.1x47
Juniper Junos 12.1x46
NA
CVE-2014-9708
Embedthis Appweb prior to 4.6.6 and 5.x prior to 5.2.1 allows remote malicious users to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,".
Oracle Enterprise Communications Broker
Embedthis Appweb
Juniper Junos 12.1x46
Juniper Junos 12.3x48
Juniper Junos 15.1x49
Juniper Junos 12.3
Juniper Junos 15.1
Juniper Junos 15.1x53
Juniper Junos 16.1
Juniper Junos 16.2
Juniper Junos 17.1
Juniper Junos 17.2
Juniper Junos 17.3
Juniper Junos 17.4
Juniper Junos 18.1
Juniper Junos 18.2
Juniper Junos 18.3
Juniper Junos 18.4