Vulnerabilities > Cesanta > Mongoose

DATE CVE VULNERABILITY TITLE RISK
2019-06-24 CVE-2019-12951 Out-of-bounds Write vulnerability in Cesanta Mongoose
An issue was discovered in Mongoose before 6.15.
network
low complexity
cesanta CWE-787
7.5
2019-06-10 CVE-2018-20356 Use After Free vulnerability in Cesanta Mongoose
An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.
network
low complexity
cesanta CWE-416
7.5
2019-06-10 CVE-2018-20355 Use After Free vulnerability in Cesanta Mongoose
An invalid write of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.
network
low complexity
cesanta CWE-416
7.5
2019-06-10 CVE-2018-20354 Use After Free vulnerability in Cesanta Mongoose
An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.
network
low complexity
cesanta CWE-416
7.5
2019-06-10 CVE-2018-20353 Use After Free vulnerability in Cesanta Mongoose
An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.
network
low complexity
cesanta CWE-416
7.5
2018-11-27 CVE-2018-19587 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cesanta Mongoose 6.13
In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function.
network
cesanta CWE-119
4.3
2018-10-29 CVE-2018-18765 Out-of-bounds Read vulnerability in Cesanta Mongoose 6.13
An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13.
network
low complexity
cesanta CWE-125
6.4
2018-10-29 CVE-2018-18764 Out-of-bounds Read vulnerability in Cesanta Mongoose 6.13
An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13.
network
low complexity
cesanta CWE-125
6.4
2018-06-19 CVE-2018-10945 NULL Pointer Dereference vulnerability in Cesanta Mongoose 6.11
The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function.
network
low complexity
cesanta CWE-476
5.0
2017-11-07 CVE-2017-2922 Use After Free vulnerability in Cesanta Mongoose 6.8
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8.
network
low complexity
cesanta CWE-416
7.5