CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2018-20352
https://notcve.org/view.php?id=CVE-2018-20352
10 Jun 2019 — Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. Una vulnerabilidad de uso después de una liberación en la función mg_cgi_ev_handler en mongoose.c en Cesanta Mongoose Embedded Web Server Library 6.13 y anteriores permiten un servicio de denegación (cierre inesperado de la aplicación) o ejecución remota de código • https://github.com/insi2304/mongoose-6.13-fuzz • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 4CVE-2017-11567 – Mongoose Web Server 6.5 - Cross-Site Request Forgery / Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-11567
05 Sep 2017 — Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code remotely. Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en Mongoose Web Server en versiones anteriores a la 6.9 permite que atacantes remotos secuestren la autenticación de usuarios para peticiones que modifiquen Mongoose.con... • https://packetstorm.news/files/id/144011 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 33%CPEs: 2EXPL: 3CVE-2017-7185 – Cesanta Mongoose OS - Use-After-Free
https://notcve.org/view.php?id=CVE-2017-7185
03 Apr 2017 — Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data POST request without a MIME boundary string. Vulnerabilidad use-after-free en la función mg_http_multipart_wait_for_boundary en mongoose.c en Cesanta Mongoose Embedded Web Server Library 6.7 y anteriores y Mongoose OS 1.2 y anteriores... • https://packetstorm.news/files/id/142021 • CWE-416: Use After Free •