Filtered by vendor Cesanta Subscriptions
Total 125 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-46508 1 Cesanta 1 Mjs 2024-11-21 5.5 Medium
There is an Assertion `i < parts_cnt' failed at src/mjs_bcode.c in Cesanta MJS v2.20.0.
CVE-2021-36535 1 Cesanta 1 Mjs 2024-11-21 5.5 Medium
Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf.
CVE-2021-33449 1 Cesanta 1 Mjs 2024-11-21 5.5 Medium
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_bcode_part_get_by_offset() in mjs.c.
CVE-2021-33448 1 Cesanta 1 Mjs 2024-11-21 5.5 Medium
An issue was discovered in mjs(mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow at 0x7fffe9049390.
CVE-2021-33447 1 Cesanta 1 Mjs 2024-11-21 5.5 Medium
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_print() in mjs.c.
CVE-2021-33446 1 Cesanta 1 Mjs 2024-11-21 5.5 Medium
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_next() in mjs.c.
CVE-2021-33445 1 Cesanta 1 Mjs 2024-11-21 5.5 Medium
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_string_char_code_at() in mjs.c.
CVE-2021-33444 1 Cesanta 1 Mjs 2024-11-21 5.5 Medium
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in getprop_builtin_foreign() in mjs.c.
CVE-2021-33443 1 Cesanta 1 Mjs 2024-11-21 5.5 Medium
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in mjs_execute() in mjs.c.
CVE-2021-33442 1 Cesanta 1 Mjs 2024-11-21 5.5 Medium
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in json_printf() in mjs.c.
CVE-2021-33441 1 Cesanta 1 Mjs 2024-11-21 5.5 Medium
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in exec_expr() in mjs.c.
CVE-2021-33440 1 Cesanta 1 Mjs 2024-11-21 5.5 Medium
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_bcode_commit() in mjs.c.
CVE-2021-33439 1 Cesanta 1 Mjs 2024-11-21 5.5 Medium
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is Integer overflow in gc_compact_strings() in mjs.c.
CVE-2021-33438 1 Cesanta 1 Mjs 2024-11-21 5.5 Medium
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in json_parse_array() in mjs.c.
CVE-2021-33437 1 Cesanta 1 Mjs 2024-11-21 5.5 Medium
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There are memory leaks in frozen_cb() in mjs.c.
CVE-2021-31875 1 Cesanta 1 Mongooseos Mjs 2024-11-21 9.8 Critical
In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow. NOTE: the original reporter disputes the significance of this finding because "there isn’t very much of an opportunity to exploit this reliably for an information leak, so there isn’t any real security impact."
CVE-2021-27425 1 Cesanta 1 Mongoose Os 2024-11-21 7.3 High
Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
CVE-2021-26530 1 Cesanta 1 Mongoose 2024-11-21 9.1 Critical
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
CVE-2021-26529 1 Cesanta 1 Mongoose 2024-11-21 9.1 Critical
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
CVE-2021-26528 1 Cesanta 1 Mongoose 2024-11-21 9.1 Critical
The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool.