Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in a substring of an input string.
Max CVSS: 9.8 | EPSS Score: 0.09% | Published: 2023-12-20 | Updated: 2023-12-29
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the mjs.c file.
Max CVSS: 7.5 | EPSS Score: 0.08% | Published: 2024-01-02 | Updated: 2024-01-09
An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function in the mjs.c file.
Max CVSS: 7.5 | EPSS Score: 0.08% | Published: 2024-01-02 | Updated: 2024-01-09
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the mjs.c file.
Max CVSS: 7.5 | EPSS Score: 0.08% | Published: 2024-01-02 | Updated: 2024-01-05
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component.
Max CVSS: 7.5 | EPSS Score: 0.08% | Published: 2024-01-02 | Updated: 2024-01-05
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the mjs.c file.
Max CVSS: 7.5 | EPSS Score: 0.08% | Published: 2024-01-02 | Updated: 2024-01-09
Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input.
Max CVSS: 9.8 | EPSS Score: 0.58% | Published: 2023-09-23 | Updated: 2023-09-26
The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests.
Max CVSS: 7.5 | EPSS Score: 0.06% | Published: 2023-06-23 | Updated: 2023-09-06
An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c.
Max CVSS: 5.5 | EPSS Score: 0.07% | Published: 2023-05-09 | Updated: 2023-05-15
Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c.
Max CVSS: 5.5 | EPSS Score: 0.07% | Published: 2023-05-09 | Updated: 2023-05-16
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_sweep at src/mjs_gc.c. This vulnerability can lead to a Denial of Service (DoS).
Max CVSS: 5.5 | EPSS Score: 0.08% | Published: 2023-04-12 | Updated: 2023-04-19
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).
Max CVSS: 5.5 | EPSS Score: 0.08% | Published: 2023-04-24 | Updated: 2023-04-28
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ffi_cb_impl_wpwwwww at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).
Max CVSS: 5.5 | EPSS Score: 0.08% | Published: 2023-04-14 | Updated: 2023-04-19
Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Versions 7.9 and prior do not appear to be vulnerable. This issue is resolved in version 7.11.
Max CVSS: 8.8 | EPSS Score: 0.04% | Published: 2023-08-09 | Updated: 2023-08-16
This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using the mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.
Max CVSS: 9.8 | EPSS Score: 0.13% | Published: 2022-02-18 | Updated: 2022-02-28
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_bcode_insert_offset at src/mjs_bcode.c. This vulnerability can lead to a Denial of Service (DoS).
Max CVSS: 5.5 | EPSS Score: 0.24% | Published: 2022-01-27 | Updated: 2022-01-31
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_json_stringify at src/mjs_json.c. This vulnerability can lead to a Denial of Service (DoS).
Max CVSS: 5.5 | EPSS Score: 0.24% | Published: 2022-01-27 | Updated: 2022-01-31
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_set_internal at src/mjs_object.c. This vulnerability can lead to a Denial of Service (DoS).
Max CVSS: 5.5 | EPSS Score: 0.24% | Published: 2022-01-27 | Updated: 2022-01-31
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via free_json_frame at src/mjs_json.c. This vulnerability can lead to a Denial of Service (DoS).
Max CVSS: 5.5 | EPSS Score: 0.24% | Published: 2022-01-27 | Updated: 2022-01-31
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via parse_cval_type at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).
Max CVSS: 5.5 | EPSS Score: 0.24% | Published: 2022-01-27 | Updated: 2022-01-31
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via add_lineno_map_item at src/mjs_bcode.c. This vulnerability can lead to a Denial of Service (DoS).
Max CVSS: 5.5 | EPSS Score: 0.24% | Published: 2022-01-27 | Updated: 2022-01-31
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x2c17e. This vulnerability can lead to a Denial of Service (DoS).
Max CVSS: 5.5 | EPSS Score: 0.24% | Published: 2022-01-27 | Updated: 2022-01-31
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_next at src/mjs_object.c. This vulnerability can lead to a Denial of Service (DoS).
Max CVSS: 5.5 | EPSS Score: 0.24% | Published: 2022-01-27 | Updated: 2022-01-31
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x4b44b. This vulnerability can lead to a Denial of Service (DoS).
Max CVSS: 5.5 | EPSS Score: 0.24% | Published: 2022-01-27 | Updated: 2022-01-31
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x59e19. This vulnerability can lead to a Denial of Service (DoS).
Max CVSS: 5.5 | EPSS Score: 0.24% | Published: 2022-01-27 | Updated: 2022-01-31
113 vulnerabilities found