Vulnerabilities > Cesanta > High

DATE CVE VULNERABILITY TITLE RISK
2024-01-02 CVE-2023-49549 Unspecified vulnerability in Cesanta MJS 2.20.0
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file.
network
low complexity
cesanta
7.5
7.5
2024-01-02 CVE-2023-49550 Unspecified vulnerability in Cesanta MJS 2.20.0
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component.
network
low complexity
cesanta
7.5
7.5
2024-01-02 CVE-2023-49551 Unspecified vulnerability in Cesanta MJS 2.20.0
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file.
network
low complexity
cesanta
7.5
7.5
2024-01-02 CVE-2023-49552 Out-of-bounds Read vulnerability in Cesanta MJS 2.20.0
An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function in the msj.c file.
network
low complexity
cesanta CWE-125
7.5
7.5
2024-01-02 CVE-2023-49553 Unspecified vulnerability in Cesanta MJS 2.20.0
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file.
network
low complexity
cesanta
7.5
7.5
2023-08-22 CVE-2020-25887 Classic Buffer Overflow vulnerability in Cesanta Mongoose 6.18
Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file.
network
low complexity
cesanta CWE-120
8.8
8.8
2023-08-09 CVE-2023-2905 Out-of-bounds Write vulnerability in Cesanta Mongoose 7.10
Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration.
low complexity
cesanta CWE-787
8.8
8.8
2023-06-23 CVE-2023-34188 Unspecified vulnerability in Cesanta Mongoose
The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers.
network
low complexity
cesanta
7.5
7.5
2022-05-03 CVE-2021-27425 Integer Overflow or Wraparound vulnerability in Cesanta Mongoose OS 2.17.0
Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc.
network
low complexity
cesanta CWE-190
7.5
7.5
2022-01-27 CVE-2021-46509 Uncontrolled Recursion vulnerability in Cesanta MJS 2.20.0
Cesanta MJS v2.20.0 was discovered to contain a stack overflow via snquote at mjs/src/mjs_json.c.
local
low complexity
cesanta CWE-674
7.8
7.8