Embedthis

embedthis

22 CVEs • 3 products

Products (3)

Click to collapse

Toggle

CVEs (22)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-9708 3Embedthis JuniperOracle 3Appweb Enterprise Communications BrokerJunos May 6, 2026 Mar 31, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,".
CVE-2014-9707 1Embedthis 1Goahead May 6, 2026 Mar 31, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer ove...Show more EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2014-9708

3Embedthis

JuniperOracle

3Appweb

Enterprise Communications BrokerJunos

May 6, 2026

Mar 31, 2015

N/A· v4

N/A· v3

5.0 MEDIUM· v2

Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,".

CVE-2014-9707

1Embedthis

1Goahead

May 6, 2026

Mar 31, 2015

N/A· v4

N/A· v3

7.5 HIGH· v2

EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer ove...Show more

Previous 12