High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-27	CVE-2021-46523	Out-of-bounds Write vulnerability in Cesanta MJS 2.20.0 Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via to_json_or_debug at mjs/src/mjs_json.c. local low complexity cesanta CWE-787	7.8
2022-01-27	CVE-2021-46524	Out-of-bounds Write vulnerability in Cesanta MJS 2.20.0 Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via snquote at mjs/src/mjs_json.c. local low complexity cesanta CWE-787	7.8
2022-01-27	CVE-2021-46525	Use After Free vulnerability in Cesanta MJS 2.20.0 Cesanta MJS v2.20.0 was discovered to contain a heap-use-after-free via mjs_apply at src/mjs_exec.c. local low complexity cesanta CWE-416	7.8
2022-01-27	CVE-2021-46526	Classic Buffer Overflow vulnerability in Cesanta MJS 2.20.0 Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via snquote at src/mjs_json.c. local low complexity cesanta CWE-120	7.8
2022-01-27	CVE-2021-46527	Out-of-bounds Write vulnerability in Cesanta MJS 2.20.0 Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_get_cstring at src/mjs_string.c. local low complexity cesanta CWE-787	7.8
2019-07-11	CVE-2019-13503	Out-of-bounds Read vulnerability in Cesanta Mongoose 6.15 mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read. network low complexity cesanta CWE-125	7.5
2019-06-10	CVE-2018-20352	Use After Free vulnerability in Cesanta Mongoose Embedded web Server Library Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. network low complexity cesanta CWE-416	8.8
2018-06-19	CVE-2018-10945	NULL Pointer Dereference vulnerability in Cesanta Mongoose 6.11 The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function. network low complexity cesanta CWE-476	7.5
2017-11-07	CVE-2017-2909	Infinite Loop vulnerability in Cesanta Mongoose 6.8 An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. network low complexity cesanta CWE-835	7.5
2017-11-07	CVE-2017-2895	Out-of-bounds Read vulnerability in Cesanta Mongoose 6.8 An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. network low complexity cesanta CWE-125	8.2