Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cesanta vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2021-26529
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
Cesanta Mongoose
Cesanta Mongoose 7.0
5
CVSSv2
CVE-2017-7185
Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and previous versions and Mongoose OS 1.2 and previous versions allows remote malicious users to cause a denial of service (crash) vi...
Cesanta Mongoose Os
Cesanta Mongoose Embedded Web Server Library
1 EDB exploit
5
CVSSv2
CVE-2022-25299
This affects the package cesanta/mongoose prior to 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable malicious users to write files to arbitrary locations outside the designated target folder.
Cesanta Mongoose
7.5
CVSSv2
CVE-2018-20353
An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and previous versions allows a denial of service (application crash) or remote...
Cesanta Mongoose
7.5
CVSSv2
CVE-2018-20356
An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and previous versions allows a denial of service (application crash) or remote code execution.
Cesanta Mongoose
7.5
CVSSv2
CVE-2019-12951
An issue exists in Mongoose prior to 6.15. The parse_mqtt() function in mg_mqtt.c has a critical heap-based buffer overflow.
Cesanta Mongoose
NA
CVE-2023-34188
The HTTP server in Mongoose prior to 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other req...
Cesanta Mongoose
1 Github repository
NA
CVE-2021-33438
An issue exists in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in json_parse_array() in mjs.c.
Cesanta Mjs
NA
CVE-2021-33437
An issue exists in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There are memory leaks in frozen_cb() in mjs.c.
Cesanta Mjs
NA
CVE-2021-33439
An issue exists in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is Integer overflow in gc_compact_strings() in mjs.c.
Cesanta Mjs
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924
CVE-2024-3400
overflow
CVE-2024-23528
CVE-2024-21338
CVE-2024-3818
CVE-2024-23535
NULL pointer dereference
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »