Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mongoose vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-4535
Mongoose 2.8.0 and previous versions allows remote malicious users to obtain the source code for a web page by appending a / (slash) character to the URI.
Valenok Mongoose
2 EDB exploits
9.1
CVSSv3
CVE-2019-17426
Automattic Mongoose up to and including 5.7.4 allows malicious users to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, adding "_bsontype":"a" can sometimes interfere with a query filter...
Mongoosejs Mongoose
7.5
CVSSv3
CVE-2023-34188
The HTTP server in Mongoose prior to 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other req...
Cesanta Mongoose
1 Github repository
7.5
CVSSv3
CVE-2022-25299
This affects the package cesanta/mongoose prior to 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable malicious users to write files to arbitrary locations outside the designated target folder.
Cesanta Mongoose
9.8
CVSSv3
CVE-2019-12951
An issue exists in Mongoose prior to 6.15. The parse_mqtt() function in mg_mqtt.c has a critical heap-based buffer overflow.
Cesanta Mongoose
9.8
CVSSv3
CVE-2017-2891
An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send th...
Cesanta Mongoose 6.8
9.8
CVSSv3
CVE-2017-2892
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of servic...
Cesanta Mongoose 6.8
9.8
CVSSv3
CVE-2017-2894
An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafte...
Cesanta Mongoose 6.8
7.5
CVSSv3
CVE-2017-2909
An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this ...
Cesanta Mongoose 6.8
9.8
CVSSv3
CVE-2017-2921
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote co...
Cesanta Mongoose 6.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »