Vulnerabilities > Cesanta

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2017-11-07 | CVE-2017-2921 | Integer Overflow or Wraparound vulnerability in Cesanta Mongoose 6.8 | An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. | network | low complexity | cesanta | CWE-190 | 7.5 |
| 2017-11-07 | CVE-2017-2909 | Infinite Loop vulnerability in Cesanta Mongoose 6.8 | An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. | network | low complexity | cesanta | CWE-835 | 7.8 |
| 2017-11-07 | CVE-2017-2895 | Out-of-bounds Read vulnerability in Cesanta Mongoose 6.8 | An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. | network | low complexity | cesanta | CWE-125 | 6.4 |
| 2017-11-07 | CVE-2017-2894 | Out-of-bounds Write vulnerability in Cesanta Mongoose 6.8 | An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. | network | low complexity | cesanta | CWE-787 | 7.5 |
| 2017-11-07 | CVE-2017-2893 | NULL Pointer Dereference vulnerability in Cesanta Mongoose 6.8 | An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. | network | low complexity | cesanta | CWE-476 | 5.0 |
| 2017-11-07 | CVE-2017-2892 | Integer Overflow or Wraparound vulnerability in Cesanta Mongoose 6.8 | An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. | network | low complexity | cesanta | CWE-190 | 7.5 |
| 2017-11-07 | CVE-2017-2891 | Use After Free vulnerability in Cesanta Mongoose 6.8 | An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. | network | low complexity | cesanta | CWE-416 | 7.5 |
| 2017-09-07 | CVE-2017-11567 | Cross-Site Request Forgery (CSRF) vulnerability in Cesanta Mongoose Embedded Web Server Library | Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. | network | | cesanta | CWE-352 | 6.8 |
| 2017-04-10 | CVE-2017-7185 | Use After Free vulnerability in Cesanta Mongoose Embedded Web Server Library and Mongoose OS | Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data POST request without a MIME boundary string. | network | low complexity | cesanta | CWE-416 | 5.0 |