Vulnerabilities > Cesanta > High

DATE CVE VULNERABILITY TITLE RISK
2023-08-09 CVE-2023-2905 Out-of-bounds Write vulnerability in Cesanta Mongoose 7.10
Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration.
low complexity
cesanta CWE-787
8.8

2023-06-23 CVE-2023-34188 Unspecified vulnerability in Cesanta Mongoose
The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers.
network
low complexity
cesanta
7.5

2022-02-18 CVE-2022-25299 Files or Directories Accessible to External Parties vulnerability in Cesanta Mongoose
This affects the package cesanta/mongoose before 7.6.
network
low complexity
cesanta CWE-552
7.5

2022-01-27 CVE-2021-46509 Uncontrolled Recursion vulnerability in Cesanta MJS 2.20.0
Cesanta MJS v2.20.0 was discovered to contain a stack overflow via snquote at mjs/src/mjs_json.c.
local
low complexity
cesanta CWE-674
7.8

2022-01-27 CVE-2021-46513 Classic Buffer Overflow vulnerability in Cesanta MJS 2.20.0
Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via mjs_mk_string at mjs/src/mjs_string.c.
local
low complexity
cesanta CWE-120
7.8

2022-01-27 CVE-2021-46518 Out-of-bounds Write vulnerability in Cesanta MJS 2.20.0
Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_disown at src/mjs_core.c.
local
low complexity
cesanta CWE-787
7.8

2022-01-27 CVE-2021-46519 Out-of-bounds Write vulnerability in Cesanta MJS 2.20.0
Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_array_length at src/mjs_array.c.
local
low complexity
cesanta CWE-787
7.8

2022-01-27 CVE-2021-46520 Out-of-bounds Write vulnerability in Cesanta MJS 2.20.0
Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_jprintf at src/mjs_util.c.
local
low complexity
cesanta CWE-787
7.8

2022-01-27 CVE-2021-46521 Classic Buffer Overflow vulnerability in Cesanta MJS 2.20.0
Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via c_vsnprintf at mjs/src/common/str_util.c.
local
low complexity
cesanta CWE-120
7.8

2022-01-27 CVE-2021-46522 Out-of-bounds Write vulnerability in Cesanta MJS 2.20.0
Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via /usr/lib/x86_64-linux-gnu/libasan.so.4+0xaff53.
local
low complexity
cesanta CWE-787
7.8