Vulnerabilities > Cesanta > Mongoose > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-18 | CVE-2022-25299 | Files or Directories Accessible to External Parties vulnerability in Cesanta Mongoose This affects the package cesanta/mongoose before 7.6. | 5.0 |
| 2021-02-08 | CVE-2021-26530 | Out-of-bounds Write vulnerability in Cesanta Mongoose 7.0 The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | 6.4 |
| 2021-02-08 | CVE-2021-26529 | Out-of-bounds Write vulnerability in Cesanta Mongoose The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | 6.4 |
| 2021-02-08 | CVE-2021-26528 | Out-of-bounds Write vulnerability in Cesanta Mongoose 7.0 The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | 6.4 |
| 2018-11-27 | CVE-2018-19587 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cesanta Mongoose 6.13 In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function. | 4.3 |
| 2018-10-29 | CVE-2018-18765 | Out-of-bounds Read vulnerability in Cesanta Mongoose 6.13 An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. | 6.4 |
| 2018-10-29 | CVE-2018-18764 | Out-of-bounds Read vulnerability in Cesanta Mongoose 6.13 An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. | 6.4 |
| 2018-06-19 | CVE-2018-10945 | NULL Pointer Dereference vulnerability in Cesanta Mongoose 6.11 The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function. | 5.0 |
| 2017-11-07 | CVE-2017-2895 | Out-of-bounds Read vulnerability in Cesanta Mongoose 6.8 An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. | 6.4 |
| 2017-11-07 | CVE-2017-2893 | NULL Pointer Dereference vulnerability in Cesanta Mongoose 6.8 An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. | 5.0 |