High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-26	CVE-2019-19307	Infinite Loop vulnerability in Cesanta Mongoose 6.16 An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted MQTT protocol packet. network low complexity cesanta CWE-835	7.5
2019-07-11	CVE-2019-13503	Out-of-bounds Read vulnerability in Cesanta Mongoose 6.15 mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read. network low complexity cesanta CWE-125	7.5
2019-06-24	CVE-2019-12951	Out-of-bounds Write vulnerability in Cesanta Mongoose An issue was discovered in Mongoose before 6.15. network low complexity cesanta CWE-787	7.5
2019-06-10	CVE-2018-20356	Use After Free vulnerability in Cesanta Mongoose An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. network low complexity cesanta CWE-416	7.5
2019-06-10	CVE-2018-20355	Use After Free vulnerability in Cesanta Mongoose An invalid write of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. network low complexity cesanta CWE-416	7.5
2019-06-10	CVE-2018-20354	Use After Free vulnerability in Cesanta Mongoose An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. network low complexity cesanta CWE-416	7.5
2019-06-10	CVE-2018-20353	Use After Free vulnerability in Cesanta Mongoose An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. network low complexity cesanta CWE-416	7.5
2017-11-07	CVE-2017-2922	Use After Free vulnerability in Cesanta Mongoose 6.8 An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. network low complexity cesanta CWE-416	7.5
2017-11-07	CVE-2017-2921	Integer Overflow or Wraparound vulnerability in Cesanta Mongoose 6.8 An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. network low complexity cesanta CWE-190	7.5
2017-11-07	CVE-2017-2909	Infinite Loop vulnerability in Cesanta Mongoose 6.8 An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. network low complexity cesanta CWE-835	7.8