Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mongoose vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2021-26530
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
Cesanta Mongoose 7.0
4.3
CVSSv2
CVE-2018-19587
In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function.
Cesanta Mongoose 6.13
7.5
CVSSv2
CVE-2019-19307
An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an malicious user to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted MQTT protocol packet.
Cesanta Mongoose 6.16
1 Github repository
7.5
CVSSv2
CVE-2020-25756
A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice.
Cesanta Mongoose 6.18
7.5
CVSSv2
CVE-2021-27425
Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
Cesanta Mongoose Os 2.17.0
NA
CVE-2022-4675
The Mongoose Page Plugin WordPress plugin prior to 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Mongoosemarketplace Mongoose Page Plugin
4
CVSSv2
CVE-2009-1354
Directory traversal vulnerability in Mongoose 2.4 allows remote malicious users to read arbitrary files via a .. (dot dot) in the URI.
Sergey Lyubka Mongoose 2.4
1 EDB exploit
6.8
CVSSv2
CVE-2018-20352
Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and previous versions allows a denial of service (application crash) or remote code execution.
Cesanta Mongoose Embedded Web Server Library
6.8
CVSSv2
CVE-2017-11567
Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server prior to 6.9 allows remote malicious users to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary ...
Cesanta Mongoose Embedded Web Server Library
1 EDB exploit
7.5
CVSSv2
CVE-2011-2900
Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote malicious users to execu...
Valenok Mongoose 3.0
Yassl Yasslews 0.2
Shttpd Shttpd 1.42
2 EDB exploits
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »