Every CVE whose affected-product data names Embedthis Goahead, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2021-43298 — CVSS 9.8 (critical): The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no…
CVE-2019-5096 — CVSS 9.8 (critical): An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server…
CVE-2021-41615 — CVSS 9.8 (critical): websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded…
CVE-2021-42342 — CVSS 9.8 (critical): An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts…
CVE-2017-1000471 — CVSS 9.8 (critical): EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or…
CVE-2017-5674 — CVSS 9.8 (critical): A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker…
CVE-2017-5675 — CVSS 8.8 (high): A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple…
CVE-2020-15688 — CVSS 8.8 (high): The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an…
CVE-2019-16645 — CVSS 8.6 (high): An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links…
CVE-2019-12822 — CVSS 7.5 (high): In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds…
CVE-2017-14149 — CVSS 7.5 (high): GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST /…
CVE-2018-15504 — CVSS 7.5 (high): An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields…
CVE-2018-15505 — CVSS 7.5 (high): An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host"…
CVE-2014-9707 — CVSS 7.5 (high): EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to…
CVE-2019-5097 — CVSS 7.5 (high): A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in…
CVE-2019-19240 — CVSS 5.3 (medium): Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host…