CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2017-2922
https://notcve.org/view.php?id=CVE-2017-2922
07 Nov 2017 — An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to achieve remote code execution. An attacker needs to send a specially crafted websocket packet over the network to trigger this vulnerability. Existe una vulnerabilidad explotable de corrupción de memoria en la implement... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0429 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 1CVE-2017-2893
https://notcve.org/view.php?id=CVE-2017-2893
07 Nov 2017 — An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. Existe una vulnerabilidad explotable de desreferencia de puntero NULL en la funcionalidad de análisis sintáctico de paquetes MQTT de Cesanta Mongoose 6.8. Un paquete MQTT... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0400 • CWE-476: NULL Pointer Dereference •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2895
https://notcve.org/view.php?id=CVE-2017-2895
07 Nov 2017 — An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. Existe una vulnerabilidad explotable de lectura de memoria arbitraria en la funcionalidad de análisis sintáctico de paqu... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0402 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2909
https://notcve.org/view.php?id=CVE-2017-2909
07 Nov 2017 — An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability. Existe un error de programación de bucle infinito en la funcionalidad del servidor DNS en la biblioteca Cesanta Mongoose 6.8. Una petición DNS especialmente manipulada puede provocar un bucle infinito, resultando en u... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0416 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 43%CPEs: 3EXPL: 2CVE-2011-2900 – Simple HTTPd 1.42 - Denial of Servive
https://notcve.org/view.php?id=CVE-2011-2900
05 Aug 2011 — Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011. Desbordamiento de buffer de pila en (1) la función put_dir de mongoose.c de Mongoose 3.0, (2) la función put_dir de yasslEWS.c de yaSSL Embedded Web Server (yass... • https://www.exploit-db.com/exploits/17658 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2009-4530
https://notcve.org/view.php?id=CVE-2009-4530
31 Dec 2009 — Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the URI. Mongoose v2.8.0 y anteriores permite a atacantes remotos obtener el código fuente de una página web añadiendo ::$DATA a la URI. • http://packetstormsecurity.org/0910-exploits/mongoose-disclose.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 4CVE-2009-4535 – Mongoose Web Server 2.8 - Source Disclosure
https://notcve.org/view.php?id=CVE-2009-4535
31 Dec 2009 — Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending a / (slash) character to the URI. Mongoose v2.8.0 y anteriores permite a atacantes remotos obtener el código fuente de una página web añadiendo un carácter / (barra) a la URI. • https://www.exploit-db.com/exploits/9897 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2009-1354 – MonGoose 2.4 (Windows) - WebServer Directory Traversal
https://notcve.org/view.php?id=CVE-2009-1354
21 Apr 2009 — Directory traversal vulnerability in Mongoose 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. Vulnerabilidad de salto de directorio en Mongoose v2.4 permite a atacantes remotos leer ficheros de forma arbitraria a través de .. (punto punto) en el URI. • https://www.exploit-db.com/exploits/8428 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •