VYPR

Monit

by Tildeslash

CVEs (9)

  • CVE-2022-26563 | High | Jul 18, 2023
    risk 0.57 | cvss 8.8 | epss 0.01

    An issue was discovered in Tildeslash Monit before 5.31.0 that allows remote attackers to gain escalated privileges due to improper PAM authorization.

  • CVE-2019-11455 | High | Apr 22, 2019
    risk 0.53 | cvss 8.1 | epss 0.03

    A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).

  • CVE-2019-11454 | Medium | Apr 22, 2019
    risk 0.40 | cvss 6.1 | epss 0.02

    Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is…

  • CVE-2016-7067 | Medium | Sep 10, 2018
    risk 0.35 | cvss 6.5 | epss 0.01

    Monit before version 5.20.0 is vulnerable to a cross-site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service.

  • CVE-2003-1083 | Dec 31, 2003
    risk 0.05 | cvss | epss 0.21

    Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request.

  • CVE-2004-1898 | Dec 31, 2004
    risk 0.04 | cvss | epss 0.17

    Stack-based buffer overflow in the administration interface in Monit 1.4 through 4.2 allows remote attackers to execute arbitrary code via a long username.

  • CVE-2004-1897 | Dec 31, 2004
    risk 0.04 | cvss | epss 0.09

    Administration interface in Monit 1.4 through 4.2 allows remote attackers to cause a denial of service (segmentation fault) by sending a Basic Authentication request without a password, which causes Monit to decrement a null pointer and perform an out-of-bounds read.

  • CVE-2004-1899 | Dec 31, 2004
    risk 0.00 | cvss | epss 0.02

    The administration interface in Monit 1.4 through 4.2 allows remote attackers to cause an off-by-one overflow via a POST that contains 1024 bytes.

  • CVE-2003-1084 | Nov 24, 2003
    risk 0.00 | cvss | epss 0.04

    Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field.