Vulnerabilities > Cesanta
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-18 | CVE-2020-25756 | Classic Buffer Overflow vulnerability in Cesanta Mongoose 6.18 A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. | 9.8 |
| 2019-11-26 | CVE-2019-19307 | Infinite Loop vulnerability in Cesanta Mongoose 6.16 An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted MQTT protocol packet. | 9.8 |
| 2019-07-11 | CVE-2019-13503 | Out-of-bounds Read vulnerability in Cesanta Mongoose 6.15 mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read. | 7.5 |
| 2019-06-24 | CVE-2019-12951 | Out-of-bounds Write vulnerability in Cesanta Mongoose An issue was discovered in Mongoose before 6.15. | 9.8 |
| 2019-06-10 | CVE-2018-20356 | Use After Free vulnerability in Cesanta Mongoose An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. | 9.8 |
| 2019-06-10 | CVE-2018-20355 | Use After Free vulnerability in Cesanta Mongoose An invalid write of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. | 9.8 |
| 2019-06-10 | CVE-2018-20354 | Use After Free vulnerability in Cesanta Mongoose An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. | 9.8 |
| 2019-06-10 | CVE-2018-20353 | Use After Free vulnerability in Cesanta Mongoose An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. | 9.8 |
| 2019-06-10 | CVE-2018-20352 | Use After Free vulnerability in Cesanta Mongoose Embedded web Server Library Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. | 8.8 |
| 2018-11-27 | CVE-2018-19587 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cesanta Mongoose 6.13 In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function. | 6.5 |