Filtered by vendor Cesanta
Subscribe
Total
113 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31875 | 1 Cesanta | 1 Mongooseos Mjs | 2024-04-11 | 7.5 HIGH | 9.8 CRITICAL |
| In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow. NOTE: the original reporter disputes the significance of this finding because "there isn’t very much of an opportunity to exploit this reliably for an information leak, so there isn’t any real security impact." | |||||
| CVE-2020-25756 | 1 Cesanta | 1 Mongoose | 2024-04-11 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice. | |||||
| CVE-2023-49553 | 1 Cesanta | 1 Mjs | 2024-01-09 | N/A | 7.5 HIGH |
| An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file. | |||||
| CVE-2023-49552 | 1 Cesanta | 1 Mjs | 2024-01-09 | N/A | 7.5 HIGH |
| An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function in the msj.c file. | |||||
| CVE-2023-49549 | 1 Cesanta | 1 Mjs | 2024-01-09 | N/A | 7.5 HIGH |
| An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file. | |||||
| CVE-2023-49551 | 1 Cesanta | 1 Mjs | 2024-01-05 | N/A | 7.5 HIGH |
| An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file. | |||||
| CVE-2023-49550 | 1 Cesanta | 1 Mjs | 2024-01-05 | N/A | 7.5 HIGH |
| An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component. | |||||
| CVE-2023-50044 | 1 Cesanta | 1 Mjs | 2023-12-29 | N/A | 9.8 CRITICAL |
| Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in a substring of an input string. | |||||
| CVE-2023-2905 | 1 Cesanta | 1 Mongoose | 2023-12-10 | N/A | 8.8 HIGH |
| Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not appear to be vulnerable. This issue is resolved in version 7.11. | |||||
| CVE-2023-43338 | 1 Cesanta | 1 Mjs | 2023-12-10 | N/A | 9.8 CRITICAL |
| Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input. | |||||
| CVE-2020-25887 | 1 Cesanta | 1 Mongoose | 2023-12-10 | N/A | 8.8 HIGH |
| Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file. | |||||
| CVE-2023-29570 | 1 Cesanta | 1 Mjs | 2023-12-10 | N/A | 5.5 MEDIUM |
| Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2023-29569 | 1 Cesanta | 1 Mjs | 2023-12-10 | N/A | 5.5 MEDIUM |
| Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ffi_cb_impl_wpwwwww at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2023-30088 | 1 Cesanta | 1 Mjs | 2023-12-10 | N/A | 5.5 MEDIUM |
| An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c. | |||||
| CVE-2023-30087 | 1 Cesanta | 1 Mjs | 2023-12-10 | N/A | 5.5 MEDIUM |
| Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c. | |||||
| CVE-2023-29571 | 1 Cesanta | 1 Mjs | 2023-12-10 | N/A | 5.5 MEDIUM |
| Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_sweep at src/mjs_gc.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2023-34188 | 1 Cesanta | 1 Mongoose | 2023-12-10 | N/A | 7.5 HIGH |
| The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests. | |||||
| CVE-2021-36535 | 1 Cesanta | 1 Mjs | 2023-12-10 | N/A | 5.5 MEDIUM |
| Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf. | |||||
| CVE-2021-33441 | 1 Cesanta | 1 Mjs | 2023-12-10 | N/A | 5.5 MEDIUM |
| An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in exec_expr() in mjs.c. | |||||
| CVE-2021-33444 | 1 Cesanta | 1 Mjs | 2023-12-10 | N/A | 5.5 MEDIUM |
| An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in getprop_builtin_foreign() in mjs.c. | |||||