Cesanta: Security Vulnerabilities
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the mjs.c file.
CVSS Score: 7.5, EPSS Score: 0.008, Published: 2024-01-02
An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function in the mjs.c file.
CVSS Score: 7.5, EPSS Score: 0.008, Published: 2024-01-02
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the mjs.c file.
CVSS Score: 7.5, EPSS Score: 0.009, Published: 2024-01-02
Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in a substring of an input string.
CVSS Score: 9.8, EPSS Score: 0.009, Published: 2023-12-20
Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input.
CVSS Score: 9.8, EPSS Score: 0.009, Published: 2023-09-23
Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file.
CVSS Score: 8.8, EPSS Score: 0.006, Published: 2023-08-22
Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Versions 7.9 and prior do not appear to be vulnerable. This issue is resolved in version 7.11.
CVSS Score: 8.8, EPSS Score: 0.01, Published: 2023-08-09
The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests.
CVSS Score: 7.5, EPSS Score: 0.008, Published: 2023-06-23
Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c.
CVSS Score: 5.5, EPSS Score: 0.003, Published: 2023-05-09
An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c.
CVSS Score: 5.5, EPSS Score: 0.003, Published: 2023-05-09