Vendor CVEs
Cesanta
All CVEs
137 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-2894 | Cri | 0.66 | 9.8 | 0.31 | Nov 7, 2017 | An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially… | ||
| CVE-2017-2922 | Cri | 0.64 | 9.8 | 0.03 | Nov 7, 2017 | An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be… | ||
| CVE-2017-2921 | Cri | 0.64 | 9.8 | 0.02 | Nov 7, 2017 | An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote… | ||
| CVE-2017-2892 | Cri | 0.64 | 9.8 | 0.02 | Nov 7, 2017 | An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of… | ||
| CVE-2017-2891 | Cri | 0.64 | 9.8 | 0.03 | Nov 7, 2017 | An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send… | ||
| CVE-2017-11567 | Hig | 0.61 | 8.8 | 0.04 | Sep 7, 2017 | Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code… | ||
| CVE-2017-2895 | Hig | 0.53 | 8.2 | 0.01 | Nov 7, 2017 | An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of… | ||
| CVE-2017-7185 | Hig | 0.53 | 7.5 | 0.12 | Apr 10, 2017 | Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data… | ||
| CVE-2017-2893 | Hig | 0.51 | 7.5 | 0.27 | Nov 7, 2017 | An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially… | ||
| CVE-2024-35492 | Hig | 0.49 | 7.5 | 0.01 | May 29, 2024 | Cesanta Mongoose commit b316989 was discovered to contain a NULL pointer dereference via the scpy function at src/fmt.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MQTT packet. | ||
| CVE-2018-10945 | Hig | 0.49 | 7.5 | 0.01 | Jun 19, 2018 | The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function. | ||
| CVE-2017-2909 | Hig | 0.49 | 7.5 | 0.01 | Nov 7, 2017 | An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this… | ||
| CVE-2026-5244 | Hig | 0.40 | 7.3 | 0.01 | Apr 2, 2026 | A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg_tls_recv_cert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely.… | ||
| CVE-2025-0696 | Med | 0.34 | 5.3 | 0.00 | Jan 27, 2025 | A NULL Pointer Dereference vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input. | ||
| CVE-2025-0695 | Med | 0.34 | 5.3 | 0.00 | Jan 27, 2025 | An Allocation of Resources Without Limits or Throttling vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input. | ||
| CVE-2026-5246 | Med | 0.29 | 5.6 | 0.01 | Apr 2, 2026 | A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mg_tls_verify_cert_signature of the file mongoose.c of the component P-384 Public Key Handler. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely.… | ||
| CVE-2026-5245 | Med | 0.29 | 5.6 | 0.01 | Apr 2, 2026 | A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handle_mdns_record of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the… | ||
| CVE-2026-6985 | Med | 0.27 | 5.3 | 0.01 | Apr 25, 2026 | A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be… | ||
| CVE-2026-2968 | Low | 0.24 | 3.7 | 0.00 | Feb 23, 2026 | A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mg_chacha20_poly1305_decrypt of the file /src/tls_chacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature.… | ||
| CVE-2026-2967 | Low | 0.24 | 3.7 | 0.00 | Feb 23, 2026 | A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net_builtin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The… | ||
| CVE-2026-2966 | Low | 0.24 | 3.7 | 0.00 | Feb 23, 2026 | A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mg_sendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The… | ||
| CVE-2023-30421 | Low | 0.19 | 2.9 | 0.00 | Apr 19, 2025 | mystrtod in mjson 1.2.7 requires more than a billion iterations during processing of certain digit strings such as 8891110122900e913013935755114. | ||
| CVE-2026-6986 | Low | 0.17 | 3.7 | 0.00 | Apr 25, 2026 | A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mg_aes_gcm_decrypt of the file /src/tls_aes128.c of the component GCM Authentication Tag Handler. Such manipulation leads to improper verification of cryptographic… | ||
| CVE-2025-65502 | 0.00 | — | 0.00 | Nov 24, 2025 | Null pointer dereference in add_ca_certs() in Cesanta Mongoose before 7.2 allows remote attackers to cause a denial of service via TLS initialization where SSL_CTX_get_cert_store() returns NULL. | |||
| CVE-2024-42392 | 0.00 | — | 0.00 | Nov 18, 2024 | Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters. | |||
| CVE-2024-42391 | 0.00 | — | 0.00 | Nov 18, 2024 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | |||
| CVE-2024-42390 | 0.00 | — | 0.00 | Nov 18, 2024 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | |||
| CVE-2024-42389 | 0.00 | — | 0.00 | Nov 18, 2024 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | |||
| CVE-2024-42388 | 0.00 | — | 0.00 | Nov 18, 2024 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | |||
| CVE-2024-42387 | 0.00 | — | 0.00 | Nov 18, 2024 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | |||
| CVE-2024-42386 | 0.00 | — | 0.00 | Nov 18, 2024 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application. | |||
| CVE-2024-42385 | 0.00 | — | 0.00 | Nov 18, 2024 | Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters. | |||
| CVE-2024-42384 | 0.00 | — | 0.00 | Nov 18, 2024 | Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application. | |||
| CVE-2024-42383 | 0.00 | — | 0.00 | Nov 18, 2024 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field. | |||
| CVE-2024-35385 | 0.00 | — | 0.01 | May 21, 2024 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_mk_ffi_sig function in the mjs.c file. | |||
| CVE-2024-35384 | 0.00 | — | 0.00 | May 21, 2024 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_array_length function in the mjs.c file. | |||
| CVE-2024-35386 | 0.00 | — | 0.01 | May 21, 2024 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_do_gc function in the mjs.c file. | |||
| CVE-2023-49550 | 0.00 | — | 0.01 | Jan 2, 2024 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component. | |||
| CVE-2023-49552 | 0.00 | — | 0.01 | Jan 2, 2024 | An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function in the msj.c file. | |||
| CVE-2023-49551 | 0.00 | — | 0.01 | Jan 2, 2024 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file. | |||
| CVE-2023-49553 | 0.00 | — | 0.01 | Jan 2, 2024 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file. | |||
| CVE-2023-49549 | 0.00 | — | 0.01 | Jan 2, 2024 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file. | |||
| CVE-2023-50044 | 0.00 | — | 0.01 | Dec 20, 2023 | Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in a substring of an input string. | |||
| CVE-2023-43338 | 0.00 | — | 0.01 | Sep 22, 2023 | Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input. | |||
| CVE-2023-2905 | 0.00 | — | 0.01 | Aug 9, 2023 | Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version… | |||
| CVE-2023-34188 | 0.00 | — | 0.01 | Jun 23, 2023 | The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other… | |||
| CVE-2023-34611 | 0.00 | — | 0.01 | Jun 14, 2023 | An issue was discovered mjson thru 1.4.1 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | |||
| CVE-2023-30087 | 0.00 | — | 0.00 | May 9, 2023 | Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c. | |||
| CVE-2023-30088 | 0.00 | — | 0.00 | May 9, 2023 | An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c. | |||
| CVE-2023-29570 | 0.00 | — | 0.00 | Apr 24, 2023 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS). |
- risk 0.66cvss 9.8epss 0.31
An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially…
- risk 0.64cvss 9.8epss 0.03
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be…
- risk 0.64cvss 9.8epss 0.02
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote…
- risk 0.64cvss 9.8epss 0.02
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of…
- risk 0.64cvss 9.8epss 0.03
An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send…
- risk 0.61cvss 8.8epss 0.04
Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code…
- risk 0.53cvss 8.2epss 0.01
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of…
- risk 0.53cvss 7.5epss 0.12
Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data…
- risk 0.51cvss 7.5epss 0.27
An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially…
- risk 0.49cvss 7.5epss 0.01
Cesanta Mongoose commit b316989 was discovered to contain a NULL pointer dereference via the scpy function at src/fmt.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MQTT packet.
- risk 0.49cvss 7.5epss 0.01
The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function.
- risk 0.49cvss 7.5epss 0.01
An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this…
- risk 0.40cvss 7.3epss 0.01
A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg_tls_recv_cert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely.…
- risk 0.34cvss 5.3epss 0.00
A NULL Pointer Dereference vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input.
- risk 0.34cvss 5.3epss 0.00
An Allocation of Resources Without Limits or Throttling vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input.
- risk 0.29cvss 5.6epss 0.01
A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mg_tls_verify_cert_signature of the file mongoose.c of the component P-384 Public Key Handler. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely.…
- risk 0.29cvss 5.6epss 0.01
A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handle_mdns_record of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the…
- risk 0.27cvss 5.3epss 0.01
A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be…
- risk 0.24cvss 3.7epss 0.00
A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mg_chacha20_poly1305_decrypt of the file /src/tls_chacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature.…
- risk 0.24cvss 3.7epss 0.00
A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net_builtin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The…
- risk 0.24cvss 3.7epss 0.00
A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mg_sendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The…
- risk 0.19cvss 2.9epss 0.00
mystrtod in mjson 1.2.7 requires more than a billion iterations during processing of certain digit strings such as 8891110122900e913013935755114.
- risk 0.17cvss 3.7epss 0.00
A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mg_aes_gcm_decrypt of the file /src/tls_aes128.c of the component GCM Authentication Tag Handler. Such manipulation leads to improper verification of cryptographic…
- CVE-2025-65502Nov 24, 2025risk 0.00cvss —epss 0.00
Null pointer dereference in add_ca_certs() in Cesanta Mongoose before 7.2 allows remote attackers to cause a denial of service via TLS initialization where SSL_CTX_get_cert_store() returns NULL.
- CVE-2024-42392Nov 18, 2024risk 0.00cvss —epss 0.00
Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters.
- CVE-2024-42391Nov 18, 2024risk 0.00cvss —epss 0.00
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
- CVE-2024-42390Nov 18, 2024risk 0.00cvss —epss 0.00
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
- CVE-2024-42389Nov 18, 2024risk 0.00cvss —epss 0.00
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
- CVE-2024-42388Nov 18, 2024risk 0.00cvss —epss 0.00
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
- CVE-2024-42387Nov 18, 2024risk 0.00cvss —epss 0.00
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
- CVE-2024-42386Nov 18, 2024risk 0.00cvss —epss 0.00
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.
- CVE-2024-42385Nov 18, 2024risk 0.00cvss —epss 0.00
Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters.
- CVE-2024-42384Nov 18, 2024risk 0.00cvss —epss 0.00
Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.
- CVE-2024-42383Nov 18, 2024risk 0.00cvss —epss 0.00
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field.
- CVE-2024-35385May 21, 2024risk 0.00cvss —epss 0.01
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_mk_ffi_sig function in the mjs.c file.
- CVE-2024-35384May 21, 2024risk 0.00cvss —epss 0.00
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_array_length function in the mjs.c file.
- CVE-2024-35386May 21, 2024risk 0.00cvss —epss 0.01
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_do_gc function in the mjs.c file.
- CVE-2023-49550Jan 2, 2024risk 0.00cvss —epss 0.01
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component.
- CVE-2023-49552Jan 2, 2024risk 0.00cvss —epss 0.01
An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function in the msj.c file.
- CVE-2023-49551Jan 2, 2024risk 0.00cvss —epss 0.01
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file.
- CVE-2023-49553Jan 2, 2024risk 0.00cvss —epss 0.01
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file.
- CVE-2023-49549Jan 2, 2024risk 0.00cvss —epss 0.01
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file.
- CVE-2023-50044Dec 20, 2023risk 0.00cvss —epss 0.01
Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in a substring of an input string.
- CVE-2023-43338Sep 22, 2023risk 0.00cvss —epss 0.01
Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input.
- CVE-2023-2905Aug 9, 2023risk 0.00cvss —epss 0.01
Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version…
- CVE-2023-34188Jun 23, 2023risk 0.00cvss —epss 0.01
The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other…
- CVE-2023-34611Jun 14, 2023risk 0.00cvss —epss 0.01
An issue was discovered mjson thru 1.4.1 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
- CVE-2023-30087May 9, 2023risk 0.00cvss —epss 0.00
Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c.
- CVE-2023-30088May 9, 2023risk 0.00cvss —epss 0.00
An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c.
- CVE-2023-29570Apr 24, 2023risk 0.00cvss —epss 0.00
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).
Page 1 of 3