Filtered by vendor Embedthis
Total: 26 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-15504 | 2 Embedthis, Juniper | 134 Appweb, Goahead, Ex2200 and 131 more | 2024-11-21 | 7.5 High |
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11. | ||||
CVE-2017-1000471 | 1 Embedthis | 1 Goahead | 2024-11-21 | N/A |
EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service. | ||||
CVE-2017-1000470 | 1 Embedthis | 1 Goahead Web Server | 2024-11-21 | N/A |
EmbedThis GoAhead Webserver versions 4.0.0 and earlier are vulnerable to an integer overflow in the HTTP listener resulting in denial of service. | ||||
CVE-2024-3186 | 1 Embedthis | 1 Goahead | 2024-10-18 | 5.3 Medium |
CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() function of GoAhead Web Server (version <= 6.0.0) when compiled with the ME_GOAHEAD_JAVASCRIPT flag. This vulnerability allows a remote attacker with the privileges to modify JavaScript template (JST) files to trigger a crash and cause a Denial of Service (DoS) by providing malicious templates. | ||||
CVE-2024-3187 | 1 Embedthis | 1 Goahead | 2024-10-18 | 5.9 Medium |
This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in GoAhead versions <= 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the ME_GOAHEAD_JAVASCRIPT flag is enabled, a remote attacker with the privileges to modify JavaScript template (JST) files could exploit this by providing malicious templates. This may lead to memory corruption, potentially causing a Denial of Service (DoS) or, in rare cases, code execution, though the latter is highly context-dependent. | ||||
CVE-2024-3184 | 1 Embedthis | 1 Goahead | 2024-10-18 | 5.9 Medium |
Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for allocation failures, remote attackers can exploit these vulnerabilities by sending malicious requests, leading to a crash and Denial of Service (DoS). |