Lucene search
K

244 matches found

OSV
OSV
added 2019/09/06 9:9 p.m.8 views

MGASA-2019-0246 Updated monit packages fix security vulnerabilities

Updated monit package fixes security vulnerabilities: Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting XSS attacks CVE-2019-11454. Zack Flack discovered a buffer overread when Monit decoded certain...

8.1CVSS6.8AI score0.03138EPSS
Exploits2References3
Mageia
Mageia
added 2019/09/06 9:9 p.m.37 views

Updated monit packages fix security vulnerabilities

Updated monit package fixes security vulnerabilities: Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting XSS attacks CVE-2019-11454. Zack Flack discovered a buffer overread when Monit decoded certain...

8.1CVSS2AI score0.03138EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2019/05/09 12:0 a.m.20 views

Ubuntu: Security Advisory (USN-3971-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.2AI score0.03138EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2019/05/09 12:0 a.m.26 views

Ubuntu 18.10 / 19.04 : Monit vulnerabilities (USN-3971-1)

Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting XSS attacks. CVE-2019-11454 Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs. An attacker could exploit this to leak...

8.1CVSS7.2AI score0.03138EPSS
Exploits2References3
Ubuntu
Ubuntu
added 2019/05/08 6:49 p.m.94 views

USN-3971-1: Monit vulnerabilities

Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting XSS attacks. CVE-2019-11454 Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs. An attacker could exploit this to leak...

8.1CVSS6.9AI score0.03138EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2019/04/29 12:0 a.m.25 views

Debian DLA-1767-1 : monit security update

Zack Flack found several issues in monit, a utility for monitoring and managing daemons or similar programs. CVE-2019-11454 An XSS vulnerabilitty has been reported that could be prevented by HTML escaping the log file content when viewed via Monit GUI. CVE-2019-11455 A buffer overrun vulnerabilit...

8.1CVSS6.9AI score0.03138EPSS
Exploits2References4
OpenVAS
OpenVAS
added 2019/04/27 12:0 a.m.27 views

Debian: Security Advisory (DLA-1767-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.2AI score0.03138EPSS
Exploits2References3
Debian
Debian
added 2019/04/26 9:36 p.m.133 views

[SECURITY] [DLA 1767-1] monit security update

Package : monit Version : 1:5.9-1+deb8u2 CVE ID : CVE-2019-11454 CVE-2019-11455 Zack Flack found several issues in monit, a utility for monitoring and managing daemons or similar programs. CVE-2019-11454 An XSS vulnerabilitty has been reported that could be prevented by HTML escaping the log file...

8.1CVSS7.5AI score0.03138EPSS
Exploits2
OSV
OSV
added 2019/04/26 12:0 a.m.20 views

DLA-1767-1 monit - security update

Bulletin has no description...

8.1CVSS6.8AI score0.03138EPSS
Exploits2
OpenVAS
OpenVAS
added 2019/04/24 12:0 a.m.45 views

Tildeslash Monit < 5.25.3 Multiple Vulnerabilities

Monit is prone to multiple vulnerabilities. Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation;...

7.2AI score
Exploits0References3
OSV
OSV
added 2019/04/22 4:29 p.m.5 views

ALPINE-CVE-2019-11454

Persistent cross-site scripting XSS in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...

6.1CVSS6.1AI score0.02414EPSS
Exploits1References1
OSV
OSV
added 2019/04/22 4:29 p.m.3 views

ALPINE-CVE-2019-11455

A buffer over-read in UtilurlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service application outage...

8.1CVSS6.9AI score0.03138EPSS
Exploits1References1
OSV
OSV
added 2019/04/22 4:29 p.m.2 views

DEBIAN-CVE-2019-11454

Persistent cross-site scripting XSS in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...

6.1CVSS6AI score0.02414EPSS
Exploits1References1
OSV
OSV
added 2019/04/22 4:29 p.m.1 views

DEBIAN-CVE-2019-11455

A buffer over-read in UtilurlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service application outage...

8.1CVSS6.9AI score0.03138EPSS
Exploits1References1
OSV
OSV
added 2019/04/22 4:29 p.m.23 views

CVE-2019-11454

Persistent cross-site scripting XSS in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...

6.1CVSS5.9AI score
Exploits0References8
OSV
OSV
added 2019/04/22 4:29 p.m.20 views

CVE-2019-11455

A buffer over-read in UtilurlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service application outage...

8.1CVSS6.5AI score
Exploits0References8
NVD
NVD
added 2019/04/22 4:29 p.m.19 views

CVE-2019-11455

A buffer over-read in UtilurlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service application outage...

8.1CVSS7.7AI score0.03138EPSS
Exploits1References8
Prion
Prion
added 2019/04/22 4:29 p.m.16 views

Buffer overflow

A buffer over-read in UtilurlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service application outage...

5.5CVSS7.5AI score0.03138EPSS
Exploits1References8Affected Software4
Prion
Prion
added 2019/04/22 4:29 p.m.16 views

Cross site scripting

Persistent cross-site scripting XSS in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...

4.3CVSS6.4AI score0.02414EPSS
Exploits1References8Affected Software4
Debian CVE
Debian CVE
added 2019/04/22 3:6 p.m.30 views

CVE-2019-11455

A buffer over-read in UtilurlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service application outage...

8.1CVSS7.7AI score0.03138EPSS
Exploits1
Rows per page
Query Builder