Known Vulnerabilities for products from Cesanta
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Cesanta".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-5246 | Not Provided | 2026-04-02 | 2026-04-02 | |
| CVE-2026-5245 | Not Provided | 2026-04-02 | 2026-04-02 | |
| CVE-2026-5244 | Not Provided | 2026-04-02 | 2026-04-02 | |
| CVE-2023-49551 | 7.5 - HIGH | 2024-01-02 | 2024-01-05 | |
| CVE-2023-49550 | 7.5 - HIGH | 2024-01-02 | 2024-01-05 | |
| CVE-2023-43338 | Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This... | 9.8 - CRITICAL | 2023-09-23 | 2023-09-26 |
| CVE-2023-34188 | The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single atta... | 7.5 - HIGH | 2023-06-23 | 2023-09-06 |
| CVE-2023-30088 | An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs... | 5.5 - MEDIUM | 2023-05-09 | 2023-05-15 |
| CVE-2023-30087 | Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk... | 5.5 - MEDIUM | 2023-05-09 | 2023-05-16 |
| CVE-2023-29571 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_sweep at src/mjs_gc.c. This vulnerability can lead ... | 5.5 - MEDIUM | 2023-04-12 | 2023-04-19 |
| CVE-2023-29570 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability c... | 5.5 - MEDIUM | 2023-04-24 | 2023-04-28 |
| CVE-2023-29569 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ffi_cb_impl_wpwwwww at src/mjs_ffi.c. This vulnerabili... | 5.5 - MEDIUM | 2023-04-14 | 2023-04-19 |
| CVE-2023-2905 | Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesan... | 8.8 - HIGH | 2023-08-09 | 2023-08-16 |
| CVE-2022-25299 | This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() ... | 7.5 - HIGH | 2022-02-18 | 2022-02-28 |
| CVE-2021-46556 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_bcode_insert_offset at src/mjs_bcode.c. This vulne... | 5.5 - MEDIUM | 2022-01-27 | 2022-01-31 |
| CVE-2021-46554 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_json_stringify at src/mjs_json.c. This vulnerabili... | 5.5 - MEDIUM | 2022-01-27 | 2022-01-31 |
| CVE-2021-46553 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_set_internal at src/mjs_object.c. This vulnerabili... | 5.5 - MEDIUM | 2022-01-27 | 2022-01-31 |
| CVE-2021-46550 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via free_json_frame at src/mjs_json.c. This vulnerability ... | 5.5 - MEDIUM | 2022-01-27 | 2022-01-31 |
| CVE-2021-46549 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via parse_cval_type at src/mjs_ffi.c. This vulnerability c... | 5.5 - MEDIUM | 2022-01-27 | 2022-01-31 |
| CVE-2021-46548 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via add_lineno_map_item at src/mjs_bcode.c. This vulnerabi... | 5.5 - MEDIUM | 2022-01-27 | 2022-01-31 |
Known software with vulnerabilities from Cesanta
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Cesanta | Mongoose | 3.2 |
| Application | Cesanta | Mongoose Embedded Web Server Library | 3.2 |