Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cesanta vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2021-26530
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
Cesanta Mongoose 7.0
6.4
CVSSv2
CVE-2018-18764
An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read...
Cesanta Mongoose 6.13
6.4
CVSSv2
CVE-2018-18765
An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory ...
Cesanta Mongoose 6.13
5
CVSSv2
CVE-2018-10945
The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote malicious users to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function.
Cesanta Mongoose 6.11
7.5
CVSSv2
CVE-2017-2891
An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send th...
Cesanta Mongoose 6.8
4.3
CVSSv2
CVE-2018-19587
In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function.
Cesanta Mongoose 6.13
NA
CVE-2023-49549
An issue in Cesanta mjs 2.20.0 allows a remote malicious user to cause a denial of service via the mjs_getretvalpos function in the msj.c file.
Cesanta Mjs 2.20.0
NA
CVE-2023-49550
An issue in Cesanta mjs 2.20.0 allows a remote malicious user to cause a denial of service via the mjs+0x4ec508 component.
Cesanta Mjs 2.20.0
NA
CVE-2023-49551
An issue in Cesanta mjs 2.20.0 allows a remote malicious user to cause a denial of service via the mjs_op_json_parse function in the msj.c file.
Cesanta Mjs 2.20.0
NA
CVE-2023-49552
An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote malicious user to cause a denial of service via the mjs_op_json_stringify function in the msj.c file.
Cesanta Mjs 2.20.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »