Every CVE whose affected-product data names Cesanta Mjs, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (84)
CVE-2023-43338 — CVSS 9.8 (critical): Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability…
CVE-2023-50044 — CVSS 9.8 (critical): Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in a substring of an input string.
CVE-2021-46524 — CVSS 7.8 (high): Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via snquote at mjs/src/mjs_json.c.
CVE-2021-46525 — CVSS 7.8 (high): Cesanta MJS v2.20.0 was discovered to contain a heap-use-after-free via mjs_apply at src/mjs_exec.c.
CVE-2021-46526 — CVSS 7.8 (high): Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via snquote at src/mjs_json.c.
CVE-2021-46527 — CVSS 7.8 (high): Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_get_cstring at src/mjs_string.c.
CVE-2021-46509 — CVSS 7.8 (high): Cesanta MJS v2.20.0 was discovered to contain a stack overflow via snquote at mjs/src/mjs_json.c.
CVE-2021-46513 — CVSS 7.8 (high): Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via mjs_mk_string at mjs/src/mjs_string.c.
CVE-2021-46518 — CVSS 7.8 (high): Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_disown at src/mjs_core.c.
CVE-2021-46519 — CVSS 7.8 (high): Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_array_length at src/mjs_array.c.
CVE-2021-46520 — CVSS 7.8 (high): Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_jprintf at src/mjs_util.c.
CVE-2021-46522 — CVSS 7.8 (high): Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via /usr/lib/x86_64-linux-gnu/libasan.so.4+0xaff53.
CVE-2021-46523 — CVSS 7.8 (high): Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via to_json_or_debug at mjs/src/mjs_json.c.
CVE-2021-46521 — CVSS 7.8 (high): Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via c_vsnprintf at mjs/src/common/str_util.c.
CVE-2023-49551 — CVSS 7.5 (high): An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file.
CVE-2023-49552 — CVSS 7.5 (high): An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function…
CVE-2023-49553 — CVSS 7.5 (high): An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file.
CVE-2023-49549 — CVSS 7.5 (high): An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file.
CVE-2024-35386 — CVSS 7.5 (high): An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_do_gc function in the mjs.c file.
CVE-2023-49550 — CVSS 7.5 (high): An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component.
CVE-2021-33446 — CVSS 5.5 (medium): An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in…
CVE-2021-33447 — CVSS 5.5 (medium): An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in…
CVE-2021-33448 — CVSS 5.5 (medium): An issue was discovered in mjs(mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow at…
CVE-2021-33449 — CVSS 5.5 (medium): An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in…
CVE-2021-36535 — CVSS 5.5 (medium): Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to…
CVE-2021-46510 — CVSS 5.5 (medium): There is an Assertion `s < mjs->owned_strings.buf + mjs->owned_strings.len' failed at src/mjs_gc.c in Cesanta MJS v2.20.0.
CVE-2021-46512 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_apply at src/mjs_exec.c. This vulnerability can lead to a Denial…
CVE-2021-46514 — CVSS 5.5 (medium): There is an Assertion 'ppos != NULL && mjs_is_number(*ppos)' failed at src/mjs_core.c in Cesanta MJS v2.20.0.
CVE-2021-46515 — CVSS 5.5 (medium): There is an Assertion `mjs_stack_size(&mjs->scopes) >= scopes_len' failed at src/mjs_exec.c in Cesanta MJS v2.20.0.
CVE-2021-46516 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_stack_size at mjs/src/mjs_core.c. This vulnerability can lead to…
CVE-2021-46517 — CVSS 5.5 (medium): There is an Assertion `mjs_stack_size(&mjs->scopes) > 0' failed at src/mjs_exec.c in Cesanta MJS v2.20.0.
CVE-2021-46528 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x5361e. This vulnerability can lead to a Denial…
CVE-2021-46529 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x8814e. This vulnerability can lead to a Denial…
CVE-2021-46530 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_execute at src/mjs_exec.c. This vulnerability can lead to a…
CVE-2021-46531 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x8d28e. This vulnerability can lead to a Denial…
CVE-2021-46532 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via exec_expr at src/mjs_exec.c. This vulnerability can lead to a Denial…
CVE-2021-46534 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via getprop_builtin_foreign at src/mjs_exec.c. This vulnerability can…
CVE-2021-46535 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0xe533e. This vulnerability can lead to a Denial…
CVE-2021-46537 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x9a30e. This vulnerability can lead to a Denial…
CVE-2021-46538 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_compact_strings at src/mjs_gc.c. This vulnerability can lead to a…
CVE-2021-46539 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x45a1f. This vulnerability can lead…
CVE-2021-46540 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_get_mjs at src/mjs_builtin.c. This vulnerability can lead to a…
CVE-2021-46541 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x2c6ae. This vulnerability can lead to a Denial…
CVE-2021-46542 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_print at src/mjs_builtin.c. This vulnerability can lead to a…
CVE-2021-46543 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x18e810. This vulnerability can…
CVE-2021-46544 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x59e19. This vulnerability…
CVE-2021-46545 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x4b44b. This vulnerability can lead…
CVE-2021-46546 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_next at src/mjs_object.c. This vulnerability can lead to a…
CVE-2021-46547 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x2c17e. This vulnerability can lead to a Denial…
CVE-2021-46548 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via add_lineno_map_item at src/mjs_bcode.c. This vulnerability can lead…
CVE-2021-46549 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via parse_cval_type at src/mjs_ffi.c. This vulnerability can lead to a…
CVE-2021-46550 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via free_json_frame at src/mjs_json.c. This vulnerability can lead to a…
CVE-2021-46553 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_set_internal at src/mjs_object.c. This vulnerability can lead to…
CVE-2021-46554 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_json_stringify at src/mjs_json.c. This vulnerability can lead to…
CVE-2021-46556 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_bcode_insert_offset at src/mjs_bcode.c. This vulnerability can…
CVE-2023-29569 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ffi_cb_impl_wpwwwww at src/mjs_ffi.c. This vulnerability can lead to…
CVE-2023-29570 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a…
CVE-2023-29571 — CVSS 5.5 (medium): Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_sweep at src/mjs_gc.c. This vulnerability can lead to a Denial of…
CVE-2023-30087 — CVSS 5.5 (medium): Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string…
CVE-2020-18392 — CVSS 5.5 (medium): Stack overflow vulnerability in parse_array Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted…
CVE-2024-35384 — CVSS 5.5 (medium): An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_array_length function in the mjs.c file.
CVE-2023-30088 — CVSS 5.5 (medium): An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c.
CVE-2020-36366 — CVSS 5.5 (medium): Stack overflow vulnerability in parse_value Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted…
CVE-2020-36367 — CVSS 5.5 (medium): Stack overflow vulnerability in parse_block Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted…
CVE-2020-36368 — CVSS 5.5 (medium): Stack overflow vulnerability in parse_statement Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a…
CVE-2020-36369 — CVSS 5.5 (medium): Stack overflow vulnerability in parse_statement_list Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a…
CVE-2020-36370 — CVSS 5.5 (medium): Stack overflow vulnerability in parse_unary Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted…
CVE-2020-36371 — CVSS 5.5 (medium): Stack overflow vulnerability in parse_mul_div_rem Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a…
CVE-2020-36372 — CVSS 5.5 (medium): Stack overflow vulnerability in parse_plus_minus Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a…
CVE-2020-36373 — CVSS 5.5 (medium): Stack overflow vulnerability in parse_shifts Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted…
CVE-2020-36374 — CVSS 5.5 (medium): Stack overflow vulnerability in parse_comparison Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a…
CVE-2020-36375 — CVSS 5.5 (medium): Stack overflow vulnerability in parse_equality Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted…
CVE-2021-33437 — CVSS 5.5 (medium): An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There are memory leaks in frozen_cb() in…
CVE-2021-33438 — CVSS 5.5 (medium): An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in…
CVE-2021-33439 — CVSS 5.5 (medium): An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is Integer overflow in…
CVE-2021-33440 — CVSS 5.5 (medium): An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in…
CVE-2021-33441 — CVSS 5.5 (medium): An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in…
CVE-2021-33442 — CVSS 5.5 (medium): An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in…
CVE-2021-33443 — CVSS 5.5 (medium): An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in…
CVE-2021-33444 — CVSS 5.5 (medium): An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in…
CVE-2021-33445 — CVSS 5.5 (medium): An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in…
CVE-2024-35385 — CVSS 4.3 (medium): An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_mk_ffi_sig function in the mjs.c file.