Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
embedthis vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-15689
Appweb prior to 7.2.2 and 8.x prior to 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service.
Embedthis Appweb
5
CVSSv2
CVE-2019-19240
Embedthis GoAhead prior to 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which...
Embedthis Goahead
6.8
CVSSv2
CVE-2020-15688
The HTTP Digest Authentication in the GoAhead web server prior to 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote malicious user to bypass authentication via capture-replay if TLS is not used to protect the underlying communication ...
Embedthis Goahead
5
CVSSv2
CVE-2021-43298
The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webs...
Embedthis Goahead
7.5
CVSSv2
CVE-2017-1000471
EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service.
Embedthis Goahead 4.0.0
5
CVSSv2
CVE-2021-33254
An issue exists in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows malicious users to cause a denial of service via the stream paramter to the parseUri function.
Embedthis Appweb 8.2.1
5
CVSSv2
CVE-2019-16645
An issue exists in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack.
Embedthis Goahead 2.5.0
1 EDB exploit
NA
CVE-2021-41615
websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 (or RFC 2617 secti...
Embedthis Goahead 2.1.8
5
CVSSv2
CVE-2017-1000470
EmbedThis GoAhead Webserver versions 4.0.0 and previous versions is vulnerable to an integer overflow in the HTTP listener resulting in denial of service.
Embedthis Goahead Web Server 4.0.0
5
CVSSv2
CVE-2018-15505
An issue exists in Embedthis GoAhead prior to 4.0.1 and Appweb prior to 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']...
Embedthis Appweb
Embedthis Goahead
Juniper Junos 15.1
Juniper Junos 16.1
Juniper Junos 12.3
Juniper Junos 15.1x53
Juniper Junos 12.3x48
Juniper Junos 15.1x49
Juniper Junos 16.2
Juniper Junos 17.2
Juniper Junos 17.1
Juniper Junos 17.3
Juniper Junos 17.4
Juniper Junos 18.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »