Vulnerabilities > Cesanta > Mongoose > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-10 | CVE-2018-20356 | Use After Free vulnerability in Cesanta Mongoose An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. | 9.8 |
| 2018-10-29 | CVE-2018-18764 | Out-of-bounds Read vulnerability in Cesanta Mongoose 6.13 An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. | 9.1 |
| 2018-10-29 | CVE-2018-18765 | Out-of-bounds Read vulnerability in Cesanta Mongoose 6.13 An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. | 9.1 |
| 2017-11-07 | CVE-2017-2891 | Use After Free vulnerability in Cesanta Mongoose 6.8 An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. | 9.8 |
| 2017-11-07 | CVE-2017-2892 | Integer Overflow or Wraparound vulnerability in Cesanta Mongoose 6.8 An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. | 9.8 |
| 2017-11-07 | CVE-2017-2894 | Out-of-bounds Write vulnerability in Cesanta Mongoose 6.8 An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. | 9.8 |
| 2017-11-07 | CVE-2017-2921 | Integer Overflow or Wraparound vulnerability in Cesanta Mongoose 6.8 An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. | 9.8 |
| 2017-11-07 | CVE-2017-2922 | Use After Free vulnerability in Cesanta Mongoose 6.8 An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. | 9.8 |