Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cesanta vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-2893
An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafte...
Cesanta Mongoose 6.8
7.5
CVSSv3
CVE-2017-2909
An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this ...
Cesanta Mongoose 6.8
9.1
CVSSv3
CVE-2018-18765
An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory ...
Cesanta Mongoose 6.13
7.5
CVSSv3
CVE-2019-13503
mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read.
Cesanta Mongoose 6.15
1 Github repository
9.1
CVSSv3
CVE-2021-26530
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
Cesanta Mongoose 7.0
5.5
CVSSv3
CVE-2020-18392
Stack overflow vulnerability in parse_array Cesanta MJS 1.20.1, allows remote malicious users to cause a Denial of Service (DoS) via a crafted file.
Cesanta Mjs 1.20.1
8.2
CVSSv3
CVE-2017-2895
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of ser...
Cesanta Mongoose 6.8
9.8
CVSSv3
CVE-2023-43338
Cesanta mjs v2.20.0 exists to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows malicious users to execute arbitrary code via a crafted input.
Cesanta Mjs 2.20.0
6.5
CVSSv3
CVE-2018-19587
In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function.
Cesanta Mongoose 6.13
5.5
CVSSv3
CVE-2020-36368
Stack overflow vulnerability in parse_statement Cesanta MJS 1.20.1, allows remote malicious users to cause a Denial of Service (DoS) via a crafted file.
Cesanta Mjs 1.20.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »