Monit
by Tildeslash
Source repositories
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-26563 | Hig | 0.57 | 8.8 | 0.01 | Jul 18, 2023 | An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain escilated privlidges due to improper PAM-authorization. | ||
| CVE-2019-11455 | Hig | 0.53 | 8.1 | 0.03 | Apr 22, 2019 | A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage). | ||
| CVE-2019-11454 | Med | 0.40 | 6.1 | 0.02 | Apr 22, 2019 | Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is… | ||
| CVE-2016-7067 | Med | 0.35 | 6.5 | 0.01 | Sep 10, 2018 | Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service. | ||
| CVE-2003-1083 | 0.05 | — | 0.21 | Dec 31, 2003 | Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request. | |||
| CVE-2004-1898 | 0.04 | — | 0.17 | Dec 31, 2004 | Stack-based buffer overflow in the administration interface in Monit 1.4 through 4.2 allows remote attackers to execute arbitrary code via a long username. | |||
| CVE-2004-1897 | 0.04 | — | 0.09 | Dec 31, 2004 | Administration interface in Monit 1.4 through 4.2 allows remote attackers to cause a denial of service (segmentation fault) by sending a Basic Authentication request without a password, which causes Monit to decrement a null pointer and perform an out-of-bounds read. | |||
| CVE-2004-1899 | 0.00 | — | 0.02 | Dec 31, 2004 | The administration interface in Monit 1.4 through 4.2 allows remote attackers to cause an off-by-one overflow via a POST that contains 1024 bytes. | |||
| CVE-2003-1084 | 0.00 | — | 0.04 | Nov 24, 2003 | Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field. |
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain escilated privlidges due to improper PAM-authorization.
- risk 0.53cvss 8.1epss 0.03
A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).
- risk 0.40cvss 6.1epss 0.02
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is…
- risk 0.35cvss 6.5epss 0.01
Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service.
- CVE-2003-1083Dec 31, 2003risk 0.05cvss —epss 0.21
Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request.
- CVE-2004-1898Dec 31, 2004risk 0.04cvss —epss 0.17
Stack-based buffer overflow in the administration interface in Monit 1.4 through 4.2 allows remote attackers to execute arbitrary code via a long username.
- CVE-2004-1897Dec 31, 2004risk 0.04cvss —epss 0.09
Administration interface in Monit 1.4 through 4.2 allows remote attackers to cause a denial of service (segmentation fault) by sending a Basic Authentication request without a password, which causes Monit to decrement a null pointer and perform an out-of-bounds read.
- CVE-2004-1899Dec 31, 2004risk 0.00cvss —epss 0.02
The administration interface in Monit 1.4 through 4.2 allows remote attackers to cause an off-by-one overflow via a POST that contains 1024 bytes.
- CVE-2003-1084Nov 24, 2003risk 0.00cvss —epss 0.04
Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field.