Tildeslash
Products
- Monit: 9 CVEs
- M/Monit: 5 CVEs
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-11393 | Tildeslash / M/Monit | Critical | 0.64 | 9.8 | 0.02 | Apr 22, 2019 | An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin parameter. |
| CVE-2022-26563 | Tildeslash / Monit | High | 0.57 | 8.8 | 0.01 | Jul 18, 2023 | An issue was discovered in Tildeslash Monit before 5.31.0, which allows remote attackers to gain escalated privileges due to improper PAM authorization. |
| CVE-2019-11455 | Tildeslash / Monit | High | 0.53 | 8.1 | 0.03 | Apr 22, 2019 | A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage). |
| CVE-2019-11454 | Tildeslash / Monit | Medium | 0.40 | 6.1 | 0.02 | Apr 22, 2019 | Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is… |
| CVE-2016-7067 | Tildeslash / Monit | Medium | 0.35 | 6.5 | 0.01 | Sep 10, 2018 | Monit before version 5.20.0 is vulnerable to a cross-site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service. |
| CVE-2003-1083 | Tildeslash / Monit | | 0.05 | — | 0.21 | Dec 31, 2003 | Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request. |
| CVE-2014-6607 | Tildeslash / M/Monit | | 0.04 | — | 0.07 | Oct 6, 2014 | M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409. |
| CVE-2004-1897 | Tildeslash / Monit | | 0.04 | — | 0.09 | Dec 31, 2004 | Administration interface in Monit 1.4 through 4.2 allows remote attackers to cause a denial of service (segmentation fault) by sending a Basic Authentication request without a password, which causes Monit to decrement a null pointer and perform an out-of-bounds read. |
| CVE-2004-1898 | Tildeslash / Monit | | 0.04 | — | 0.17 | Dec 31, 2004 | Stack-based buffer overflow in the administration interface in Monit 1.4 through 4.2 allows remote attackers to execute arbitrary code via a long username. |
| CVE-2014-6409 | Tildeslash / M/Monit | | 0.03 | — | 0.02 | Oct 6, 2014 | Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update. |
| CVE-2020-36969 | Tildeslash / M/Monit | | 0.00 | — | 0.00 | Jan 28, 2026 | M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative… |
| CVE-2020-36968 | Tildeslash / M/Monit | | 0.00 | — | 0.00 | Jan 28, 2026 | M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5… |
| CVE-2004-1899 | Tildeslash / Monit | | 0.00 | — | 0.02 | Dec 31, 2004 | The administration interface in Monit 1.4 through 4.2 allows remote attackers to cause an off-by-one overflow via a POST that contains 1024 bytes. |
| CVE-2003-1084 | Tildeslash / Monit | | 0.00 | — | 0.04 | Nov 24, 2003 | Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field. |