Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mongoose
(Cesanta)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 37 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-11-18 | CVE-2024-42385 | Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters. | Mongoose | 7.0 | ||
| 2024-11-18 | CVE-2024-42386 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application. | Mongoose | 7.5 | ||
| 2024-11-18 | CVE-2024-42387 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | Mongoose | 5.3 | ||
| 2024-11-18 | CVE-2024-42388 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | Mongoose | 5.3 | ||
| 2024-11-18 | CVE-2024-42389 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | Mongoose | 5.3 | ||
| 2024-11-18 | CVE-2024-42390 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | Mongoose | 5.3 | ||
| 2024-11-18 | CVE-2024-42391 | Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | Mongoose | 5.3 | ||
| 2024-11-18 | CVE-2024-42392 | Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters. | Mongoose | 7.5 | ||
| 2019-07-11 | CVE-2019-13503 | mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read. | Mongoose | 7.5 | ||
| 2017-11-07 | CVE-2017-2909 | An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability. | Mongoose | 7.5 |