Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mjs
(Cesanta)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 90 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-07-26 | CVE-2021-33445 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_string_char_code_at() in mjs.c. | Mjs | 5.5 | ||
| 2022-07-26 | CVE-2021-33446 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_next() in mjs.c. | Mjs | 5.5 | ||
| 2022-07-26 | CVE-2021-33447 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_print() in mjs.c. | Mjs | 5.5 | ||
| 2022-07-26 | CVE-2021-33448 | An issue was discovered in mjs(mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow at 0x7fffe9049390. | Mjs | 5.5 | ||
| 2022-07-26 | CVE-2021-33449 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_bcode_part_get_by_offset() in mjs.c. | Mjs | 5.5 | ||
| 2023-02-03 | CVE-2021-36535 | Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf. | Mjs | 5.5 | ||
| 2023-09-23 | CVE-2023-43338 | Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input. | Mjs | 9.8 | ||
| 2023-12-20 | CVE-2023-50044 | Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in a substring of an input string. | Mjs | 9.8 | ||
| 2024-01-02 | CVE-2023-49551 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file. | Mjs | 7.5 | ||
| 2024-01-02 | CVE-2023-49552 | An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function in the msj.c file. | Mjs | 7.5 |