Filtered by vendor Cesanta
Subscribe
Search
Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49553 | 1 Cesanta | 1 Mjs | 2024-01-09 | N/A | 7.5 HIGH |
| An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file. | |||||
| CVE-2023-49552 | 1 Cesanta | 1 Mjs | 2024-01-09 | N/A | 7.5 HIGH |
| An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function in the msj.c file. | |||||
| CVE-2023-49549 | 1 Cesanta | 1 Mjs | 2024-01-09 | N/A | 7.5 HIGH |
| An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file. | |||||
| CVE-2023-49550 | 1 Cesanta | 1 Mjs | 2024-01-05 | N/A | 7.5 HIGH |
| An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component. | |||||
| CVE-2023-49551 | 1 Cesanta | 1 Mjs | 2024-01-05 | N/A | 7.5 HIGH |
| An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file. | |||||
| CVE-2020-25887 | 1 Cesanta | 1 Mongoose | 2023-08-25 | N/A | 8.8 HIGH |
| Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file. | |||||
| CVE-2023-2905 | 1 Cesanta | 1 Mongoose | 2023-08-16 | N/A | 8.8 HIGH |
| Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not appear to be vulnerable. This issue is resolved in version 7.11. | |||||
| CVE-2021-46509 | 1 Cesanta | 1 Mjs | 2023-08-08 | 6.8 MEDIUM | 7.8 HIGH |
| Cesanta MJS v2.20.0 was discovered to contain a stack overflow via snquote at mjs/src/mjs_json.c. | |||||
| CVE-2017-2909 | 1 Cesanta | 1 Mongoose | 2022-06-13 | 7.8 HIGH | 7.5 HIGH |
| An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability. | |||||
| CVE-2017-2895 | 1 Cesanta | 1 Mongoose | 2022-06-07 | 6.4 MEDIUM | 8.2 HIGH |
| An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | |||||
| CVE-2017-2893 | 1 Cesanta | 1 Mongoose | 2022-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | |||||
| CVE-2022-25299 | 1 Cesanta | 1 Mongoose | 2022-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder. | |||||
| CVE-2021-46513 | 1 Cesanta | 1 Mjs | 2022-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via mjs_mk_string at mjs/src/mjs_string.c. | |||||
| CVE-2021-46527 | 1 Cesanta | 1 Mjs | 2022-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_get_cstring at src/mjs_string.c. | |||||
| CVE-2021-46525 | 1 Cesanta | 1 Mjs | 2022-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| Cesanta MJS v2.20.0 was discovered to contain a heap-use-after-free via mjs_apply at src/mjs_exec.c. | |||||
| CVE-2021-46526 | 1 Cesanta | 1 Mjs | 2022-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via snquote at src/mjs_json.c. | |||||
| CVE-2021-46524 | 1 Cesanta | 1 Mjs | 2022-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via snquote at mjs/src/mjs_json.c. | |||||
| CVE-2021-46523 | 1 Cesanta | 1 Mjs | 2022-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via to_json_or_debug at mjs/src/mjs_json.c. | |||||
| CVE-2021-46521 | 1 Cesanta | 1 Mjs | 2022-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via c_vsnprintf at mjs/src/common/str_util.c. | |||||
| CVE-2021-46522 | 1 Cesanta | 1 Mjs | 2022-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via /usr/lib/x86_64-linux-gnu/libasan.so.4+0xaff53. | |||||
| CVE-2021-46519 | 1 Cesanta | 1 Mjs | 2022-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_array_length at src/mjs_array.c. | |||||
| CVE-2021-46520 | 1 Cesanta | 1 Mjs | 2022-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_jprintf at src/mjs_util.c. | |||||
| CVE-2021-46518 | 1 Cesanta | 1 Mjs | 2022-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_disown at src/mjs_core.c. | |||||
| CVE-2019-13503 | 1 Cesanta | 1 Mongoose | 2019-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read. | |||||
| CVE-2018-20352 | 1 Cesanta | 1 Mongoose Embedded Web Server Library | 2019-06-11 | 6.8 MEDIUM | 8.8 HIGH |
| Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. | |||||
| CVE-2017-7185 | 1 Cesanta | 2 Mongoose Embedded Web Server Library, Mongoose Os | 2018-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data POST request without a MIME boundary string. | |||||
| CVE-2018-10945 | 1 Cesanta | 1 Mongoose | 2018-08-10 | 5.0 MEDIUM | 7.5 HIGH |
| The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function. | |||||
| CVE-2017-11567 | 1 Cesanta | 1 Mongoose Embedded Web Server Library | 2017-09-18 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code remotely. | |||||