Vulnerabilities > Cesanta
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-22 | CVE-2020-25887 | Classic Buffer Overflow vulnerability in Cesanta Mongoose 6.18 Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file. | 8.8 |
| 2023-08-09 | CVE-2023-2905 | Out-of-bounds Write vulnerability in Cesanta Mongoose 7.10 Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. | 8.8 |
| 2023-06-23 | CVE-2023-34188 | Unspecified vulnerability in Cesanta Mongoose The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. | 7.5 |
| 2023-05-09 | CVE-2023-30087 | Out-of-bounds Write vulnerability in Cesanta MJS 1.26 Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c. | 5.5 |
| 2023-05-09 | CVE-2023-30088 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cesanta MJS 1.26 An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c. | 5.5 |
| 2023-04-24 | CVE-2023-29570 | Unspecified vulnerability in Cesanta MJS 2.20.0 Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. | 5.5 |
| 2023-02-03 | CVE-2021-36535 | Out-of-bounds Write vulnerability in Cesanta MJS 1.26 Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf. | 5.5 |
| 2022-07-26 | CVE-2021-33437 | Memory Leak vulnerability in Cesanta MJS An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). | 5.5 |
| 2022-05-03 | CVE-2021-27425 | Integer Overflow or Wraparound vulnerability in Cesanta Mongoose OS 2.17.0 Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. | 7.5 |
| 2022-02-18 | CVE-2022-25299 | Files or Directories Accessible to External Parties vulnerability in Cesanta Mongoose This affects the package cesanta/mongoose before 7.6. | 5.0 |