Shodan
Vulnerabilities
Vulnerable Software
Cesanta:  Security Vulnerabilities
CVE-2020-25887
Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-08-22
CVE-2023-2905
Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not appear to be vulnerable. This issue is resolved in version 7.11.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-08-09
CVE-2023-34188
The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-06-23
CVE-2023-30087
Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-05-09
CVE-2023-30088
An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-05-09
CVE-2023-29570
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).
CVSS Score
5.5
EPSS Score
0.0
Published
2023-04-24
CVE-2023-29569
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ffi_cb_impl_wpwwwww at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).
CVSS Score
5.5
EPSS Score
0.0
Published
2023-04-14
CVE-2023-29571
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_sweep at src/mjs_gc.c. This vulnerability can lead to a Denial of Service (DoS).
CVSS Score
5.5
EPSS Score
0.0
Published
2023-04-12
CVE-2021-36535
Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-02-03
CVE-2021-33447
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_print() in mjs.c.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-07-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved