1058 matches found
CVE-2025-65502
Null pointer dereference in addcacerts in Cesanta Mongoose before...
Linux Distros Unpatched Vulnerability : CVE-2023-2905
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to a failure in validating the length of a provided MQTTCMDPUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server,...
Linux Distros Unpatched Vulnerability : CVE-2021-26530
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mgtlsinit function in Cesanta Mongoose HTTPS server 7.0 compiled with OpenSSL support is vulnerable to remote OOB write attack via connection request after...
Linux Distros Unpatched Vulnerability : CVE-2026-5244
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler...
Linux Distros Unpatched Vulnerability : CVE-2026-6985
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component...
Linux Distros Unpatched Vulnerability : CVE-2026-5246
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mgtlsverifycertsignature of the file mongoose.c of the component P-384...
Linux Distros Unpatched Vulnerability : CVE-2021-26528
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mghttpservefile function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool...
Linux Distros Unpatched Vulnerability : CVE-2026-6986
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mgaesgcmdecrypt of the file /src/tlsaes128.c of the...
Linux Distros Unpatched Vulnerability : CVE-2025-65502
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Null pointer dereference in addcacerts in Cesanta Mongoose before 7.2 allows remote attackers to cause a denial of service via TLS initialization where...
Linux Distros Unpatched Vulnerability : CVE-2020-25756
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A buffer overflow vulnerability exists in the mggethttpheader function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can...
Linux Distros Unpatched Vulnerability : CVE-2021-26529
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mgtlsinit function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 compiled with mbedTLS support is vulnerable to remote OOB write attack via connection...
JLSEC-2026-369 A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function...
A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been...
JLSEC-2026-373
A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mgaesgcmdecrypt of the file /src/tlsaes128.c of the component GCM Authentication Tag Handler. Such manipulation leads to improper verification of cryptographic signature. The attack may be...
JLSEC-2026-370 A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function...
A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...
JLSEC-2026-366 A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the...
A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mgsendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched...
JLSEC-2026-367 A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the...
A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/netbuiltin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiate...
JLSEC-2026-371 A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function...
A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mgtlsverifycertsignature of the file mongoose.c of the component P-384 Public Key Handler. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. Attacks of this nature...
JLSEC-2026-368 A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function...
A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mgchacha20poly1305decrypt of the file /src/tlschacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. The attack may be...
JLSEC-2026-372
A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...
CVE-2026-6986
A flaw was found in Cesanta Mongoose. A remote attacker could exploit a vulnerability in the GCM Authentication Tag Handler, specifically within the mgaesgcmdecrypt function. This flaw allows for improper verification of cryptographic signatures, which could lead to a bypass of integrity checks...