Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Cesanta Subscribe
Total 98 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-2894 1 Cesanta 1 Mongoose 2022-06-07 7.5 HIGH 9.8 CRITICAL
An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.
CVE-2017-2891 1 Cesanta 1 Mongoose 2022-06-07 7.5 HIGH 9.8 CRITICAL
An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request over the network to trigger this vulnerability.
CVE-2017-2895 1 Cesanta 1 Mongoose 2022-06-07 6.4 MEDIUM 8.2 HIGH
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.
CVE-2017-2892 1 Cesanta 1 Mongoose 2022-06-07 7.5 HIGH 9.8 CRITICAL
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.
CVE-2017-2893 1 Cesanta 1 Mongoose 2022-06-07 5.0 MEDIUM 7.5 HIGH
An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.
CVE-2021-27425 1 Cesanta 1 Mongoose Os 2022-05-12 7.5 HIGH 9.8 CRITICAL
Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
CVE-2022-25299 1 Cesanta 1 Mongoose 2022-02-28 5.0 MEDIUM 7.5 HIGH
This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.
CVE-2021-46510 1 Cesanta 1 Mjs 2022-02-03 4.3 MEDIUM 5.5 MEDIUM
There is an Assertion `s < mjs->owned_strings.buf + mjs->owned_strings.len' failed at src/mjs_gc.c in Cesanta MJS v2.20.0.
CVE-2021-46511 1 Cesanta 1 Mjs 2022-02-02 4.3 MEDIUM 5.5 MEDIUM
There is an Assertion `m->len >= sizeof(v)' failed at src/mjs_core.c in Cesanta MJS v2.20.0.
CVE-2021-46517 1 Cesanta 1 Mjs 2022-02-02 4.3 MEDIUM 5.5 MEDIUM
There is an Assertion `mjs_stack_size(&mjs->scopes) > 0' failed at src/mjs_exec.c in Cesanta MJS v2.20.0.
CVE-2021-46508 1 Cesanta 1 Mjs 2022-02-02 4.3 MEDIUM 5.5 MEDIUM
There is an Assertion `i < parts_cnt' failed at src/mjs_bcode.c in Cesanta MJS v2.20.0.
CVE-2021-46515 1 Cesanta 1 Mjs 2022-02-02 4.3 MEDIUM 5.5 MEDIUM
There is an Assertion `mjs_stack_size(&mjs->scopes) >= scopes_len' failed at src/mjs_exec.c in Cesanta MJS v2.20.0.
CVE-2021-46514 1 Cesanta 1 Mjs 2022-02-02 4.3 MEDIUM 5.5 MEDIUM
There is an Assertion 'ppos != NULL && mjs_is_number(*ppos)' failed at src/mjs_core.c in Cesanta MJS v2.20.0.
CVE-2021-46509 1 Cesanta 1 Mjs 2022-02-01 6.8 MEDIUM 7.8 HIGH
Cesanta MJS v2.20.0 was discovered to contain a stack overflow via snquote at mjs/src/mjs_json.c.
CVE-2021-46516 1 Cesanta 1 Mjs 2022-02-01 4.3 MEDIUM 5.5 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_stack_size at mjs/src/mjs_core.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46529 1 Cesanta 1 Mjs 2022-02-01 4.3 MEDIUM 5.5 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x8814e. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46513 1 Cesanta 1 Mjs 2022-02-01 6.8 MEDIUM 7.8 HIGH
Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via mjs_mk_string at mjs/src/mjs_string.c.
CVE-2021-46512 1 Cesanta 1 Mjs 2022-02-01 4.3 MEDIUM 5.5 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_apply at src/mjs_exec.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46527 1 Cesanta 1 Mjs 2022-02-01 6.8 MEDIUM 7.8 HIGH
Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_get_cstring at src/mjs_string.c.
CVE-2021-46528 1 Cesanta 1 Mjs 2022-02-01 4.3 MEDIUM 5.5 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x5361e. This vulnerability can lead to a Denial of Service (DoS).