Filtered by vendor Cesanta
Subscriptions
Total
125 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-46508 | 1 Cesanta | 1 Mjs | 2024-11-21 | 5.5 Medium |
There is an Assertion `i < parts_cnt' failed at src/mjs_bcode.c in Cesanta MJS v2.20.0. | ||||
CVE-2021-36535 | 1 Cesanta | 1 Mjs | 2024-11-21 | 5.5 Medium |
Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf. | ||||
CVE-2021-33449 | 1 Cesanta | 1 Mjs | 2024-11-21 | 5.5 Medium |
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_bcode_part_get_by_offset() in mjs.c. | ||||
CVE-2021-33448 | 1 Cesanta | 1 Mjs | 2024-11-21 | 5.5 Medium |
An issue was discovered in mjs(mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow at 0x7fffe9049390. | ||||
CVE-2021-33447 | 1 Cesanta | 1 Mjs | 2024-11-21 | 5.5 Medium |
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_print() in mjs.c. | ||||
CVE-2021-33446 | 1 Cesanta | 1 Mjs | 2024-11-21 | 5.5 Medium |
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_next() in mjs.c. | ||||
CVE-2021-33445 | 1 Cesanta | 1 Mjs | 2024-11-21 | 5.5 Medium |
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_string_char_code_at() in mjs.c. | ||||
CVE-2021-33444 | 1 Cesanta | 1 Mjs | 2024-11-21 | 5.5 Medium |
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in getprop_builtin_foreign() in mjs.c. | ||||
CVE-2021-33443 | 1 Cesanta | 1 Mjs | 2024-11-21 | 5.5 Medium |
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in mjs_execute() in mjs.c. | ||||
CVE-2021-33442 | 1 Cesanta | 1 Mjs | 2024-11-21 | 5.5 Medium |
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in json_printf() in mjs.c. | ||||
CVE-2021-33441 | 1 Cesanta | 1 Mjs | 2024-11-21 | 5.5 Medium |
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in exec_expr() in mjs.c. | ||||
CVE-2021-33440 | 1 Cesanta | 1 Mjs | 2024-11-21 | 5.5 Medium |
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_bcode_commit() in mjs.c. | ||||
CVE-2021-33439 | 1 Cesanta | 1 Mjs | 2024-11-21 | 5.5 Medium |
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is Integer overflow in gc_compact_strings() in mjs.c. | ||||
CVE-2021-33438 | 1 Cesanta | 1 Mjs | 2024-11-21 | 5.5 Medium |
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in json_parse_array() in mjs.c. | ||||
CVE-2021-33437 | 1 Cesanta | 1 Mjs | 2024-11-21 | 5.5 Medium |
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There are memory leaks in frozen_cb() in mjs.c. | ||||
CVE-2021-31875 | 1 Cesanta | 1 Mongooseos Mjs | 2024-11-21 | 9.8 Critical |
In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow. NOTE: the original reporter disputes the significance of this finding because "there isn’t very much of an opportunity to exploit this reliably for an information leak, so there isn’t any real security impact." | ||||
CVE-2021-27425 | 1 Cesanta | 1 Mongoose Os | 2024-11-21 | 7.3 High |
Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | ||||
CVE-2021-26530 | 1 Cesanta | 1 Mongoose | 2024-11-21 | 9.1 Critical |
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | ||||
CVE-2021-26529 | 1 Cesanta | 1 Mongoose | 2024-11-21 | 9.1 Critical |
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | ||||
CVE-2021-26528 | 1 Cesanta | 1 Mongoose | 2024-11-21 | 9.1 Critical |
The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool. |