Known Vulnerabilities for products from Cesanta
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Cesanta".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-6986 json | Not Provided | 2026-04-25 | 2026-04-25 | |
| CVE-2026-6985 json | Not Provided | 2026-04-25 | 2026-04-25 | |
| CVE-2026-5246 json | Not Provided | 2026-04-02 | 2026-04-02 | |
| CVE-2026-5245 json | Not Provided | 2026-04-02 | 2026-04-02 | |
| CVE-2026-5244 json | Not Provided | 2026-04-02 | 2026-04-02 | |
| CVE-2023-49551 json | 7.5 - HIGH | 2024-01-02 | 2024-01-05 | |
| CVE-2023-49550 json | 7.5 - HIGH | 2024-01-02 | 2024-01-05 | |
| CVE-2023-43338 json | Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This... | 9.8 - CRITICAL | 2023-09-23 | 2023-09-26 |
| CVE-2023-34188 json | The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single atta... | 7.5 - HIGH | 2023-06-23 | 2023-09-06 |
| CVE-2023-30088 json | An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs... | 5.5 - MEDIUM | 2023-05-09 | 2023-05-15 |
| CVE-2023-30087 json | Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk... | 5.5 - MEDIUM | 2023-05-09 | 2023-05-16 |
| CVE-2023-29571 json | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_sweep at src/mjs_gc.c. This vulnerability can lead ... | 5.5 - MEDIUM | 2023-04-12 | 2023-04-19 |
| CVE-2023-29570 json | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability c... | 5.5 - MEDIUM | 2023-04-24 | 2023-04-28 |
| CVE-2023-29569 json | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ffi_cb_impl_wpwwwww at src/mjs_ffi.c. This vulnerabili... | 5.5 - MEDIUM | 2023-04-14 | 2023-04-19 |
| CVE-2023-2905 json | Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesan... | 8.8 - HIGH | 2023-08-09 | 2023-08-16 |
| CVE-2022-25299 json | This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() ... | 7.5 - HIGH | 2022-02-18 | 2022-02-28 |
| CVE-2021-46556 json | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_bcode_insert_offset at src/mjs_bcode.c. This vulne... | 5.5 - MEDIUM | 2022-01-27 | 2022-01-31 |
| CVE-2021-46554 json | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_json_stringify at src/mjs_json.c. This vulnerabili... | 5.5 - MEDIUM | 2022-01-27 | 2022-01-31 |
| CVE-2021-46553 json | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_set_internal at src/mjs_object.c. This vulnerabili... | 5.5 - MEDIUM | 2022-01-27 | 2022-01-31 |
| CVE-2021-46550 json | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via free_json_frame at src/mjs_json.c. This vulnerability ... | 5.5 - MEDIUM | 2022-01-27 | 2022-01-31 |
Known software with vulnerabilities from Cesanta
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Cesanta | Mongoose | 3.2 |
| Application | Cesanta | Mongoose Embedded Web Server Library | 3.2 |