Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mongoose vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2021-26528
The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
Cesanta Mongoose 7.0
9.1
CVSSv3
CVE-2021-26530
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
Cesanta Mongoose 7.0
9.1
CVSSv3
CVE-2018-18764
An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read...
Cesanta Mongoose 6.13
7.5
CVSSv3
CVE-2019-13503
mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read.
Cesanta Mongoose 6.15
1 Github repository
9.8
CVSSv3
CVE-2021-27425
Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
Cesanta Mongoose Os 2.17.0
5.4
CVSSv3
CVE-2022-4675
The Mongoose Page Plugin WordPress plugin prior to 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Mongoosemarketplace Mongoose Page Plugin
NA
CVE-2009-1354
Directory traversal vulnerability in Mongoose 2.4 allows remote malicious users to read arbitrary files via a .. (dot dot) in the URI.
Sergey Lyubka Mongoose 2.4
1 EDB exploit
8.8
CVSSv3
CVE-2018-20352
Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and previous versions allows a denial of service (application crash) or remote code execution.
Cesanta Mongoose Embedded Web Server Library
8.8
CVSSv3
CVE-2017-11567
Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server prior to 6.9 allows remote malicious users to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary ...
Cesanta Mongoose Embedded Web Server Library
1 EDB exploit
NA
CVE-2011-2900
Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote malicious users to execu...
Valenok Mongoose 3.0
Yassl Yasslews 0.2
Shttpd Shttpd 1.42
2 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »