CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10945
https://notcve.org/view.php?id=CVE-2018-10945
19 Jun 2018 — The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function. La función mg_handle_cgi en mongoose.c en Mongoose 6.11 permite que atacantes remotos provoquen una denegación de servicio (sobrelectura de búfer basada en memoria dinámica o heap o desreferencia de puntero NULL) mediante una petición HTTP relacionada con la fun... • http://blog.hac425.top/2018/05/16/CVE-2018-10945-mongoose.html • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1CVE-2017-2891
https://notcve.org/view.php?id=CVE-2017-2891
07 Nov 2017 — An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request over the network to trigger this vulnerability. Existe una vulnerabilidad explotable de uso de memoria previamente liberada en la implementación del servidor HTTP de Cesanta Mongoose 6.8. Una petición POST HTTP norma... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0398 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2017-2892
https://notcve.org/view.php?id=CVE-2017-2892
07 Nov 2017 — An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. Existe una vulnerabilidad explotable de lectura de memoria en la funcionalidad de análisis sintác... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0399 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 12%CPEs: 1EXPL: 1CVE-2017-2894
https://notcve.org/view.php?id=CVE-2017-2894
07 Nov 2017 — An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. Existe una vulnerabilidad explotable de desbordamiento de búfer basado en pila en la funcionalidad de análisis sintáctico de paquetes MQTT de Cesanta Mongoose 6.8. Un paq... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0401 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2017-2921
https://notcve.org/view.php?id=CVE-2017-2921
07 Nov 2017 — An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An attacker needs to send a specially crafted websocket packet over network to trigger this vulnerability. Existe una vulnerabilidad explotable de corrupción de memoria en la implementación del protocolo Websocket de C... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0428 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2017-2922
https://notcve.org/view.php?id=CVE-2017-2922
07 Nov 2017 — An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to achieve remote code execution. An attacker needs to send a specially crafted websocket packet over the network to trigger this vulnerability. Existe una vulnerabilidad explotable de corrupción de memoria en la implement... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0429 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 1CVE-2017-2893
https://notcve.org/view.php?id=CVE-2017-2893
07 Nov 2017 — An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. Existe una vulnerabilidad explotable de desreferencia de puntero NULL en la funcionalidad de análisis sintáctico de paquetes MQTT de Cesanta Mongoose 6.8. Un paquete MQTT... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0400 • CWE-476: NULL Pointer Dereference •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2895
https://notcve.org/view.php?id=CVE-2017-2895
07 Nov 2017 — An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. Existe una vulnerabilidad explotable de lectura de memoria arbitraria en la funcionalidad de análisis sintáctico de paqu... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0402 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2909
https://notcve.org/view.php?id=CVE-2017-2909
07 Nov 2017 — An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability. Existe un error de programación de bucle infinito en la funcionalidad del servidor DNS en la biblioteca Cesanta Mongoose 6.8. Una petición DNS especialmente manipulada puede provocar un bucle infinito, resultando en u... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0416 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 4CVE-2017-11567 – Mongoose Web Server 6.5 - Cross-Site Request Forgery / Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-11567
05 Sep 2017 — Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code remotely. Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en Mongoose Web Server en versiones anteriores a la 6.9 permite que atacantes remotos secuestren la autenticación de usuarios para peticiones que modifiquen Mongoose.con... • https://packetstorm.news/files/id/144011 • CWE-352: Cross-Site Request Forgery (CSRF) •