Vulnerabilities > Tildeslash
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-18 | CVE-2022-26563 | Incorrect Authorization vulnerability in Tildeslash Monit An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain escilated privlidges due to improper PAM-authorization. | 8.8 |
2019-04-22 | CVE-2019-11455 | Out-of-bounds Read vulnerability in multiple products A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. | 8.1 |
2019-04-22 | CVE-2019-11393 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tildeslash Monit An issue was discovered in /admin/users/update in M/Monit before 3.7.3. | 5.0 |
2004-12-31 | CVE-2004-1899 | Remote vulnerability in Multiple Monit Administration Interface The administration interface in Monit 1.4 through 4.2 allows remote attackers to cause an off-by-one overflow via a POST that contains 1024 bytes. | 5.0 |
2004-12-31 | CVE-2004-1898 | Remote vulnerability in Multiple Monit Administration Interface Stack-based buffer overflow in the administration interface in Monit 1.4 through 4.2 allows remote attackers to execute arbitrary code via a long username. | 10.0 |
2004-12-31 | CVE-2004-1897 | Remote vulnerability in Multiple Monit Administration Interface Administration interface in Monit 1.4 through 4.2 allows remote attackers to cause a denial of service (segmentation fault) by sending a Basic Authentication request without a password, which causes Monit to decrement a null pointer and perform an out-of-bounds read. | 5.0 |
2003-12-31 | CVE-2003-1083 | Buffer Overrun vulnerability in Monit Overly Long HTTP Request Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request. | 10.0 |
2003-11-24 | CVE-2003-1084 | Denial of Service vulnerability in Monit HTTP Content-Length Parameter Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field. | 5.0 |