7 matches found
CVE-2019-11455
CVE-2019-11455 is a buffer over-read in Monit’s Util_urlDecode (util.c). Pre-fix versions are affected; multiple advisories note the issue alongside CVE-2019-11454. Ubuntu/Debian/Fedora and Mageia/NASL records indicate fixes in updated Monit packages across distros (e.g., Debian 9 stretch fix in ...
CVE-2022-26563
CVE-2022-26563 affects Monit before 5.31.0. The issue is due to improper PAM authorization, enabling remote attackers to gain escalated privileges. Affected versions are Monit prior to 5.31.0; multiple advisories general guidance to update. Remediation: upgrade to Monit 5.31.0 or later (or apply ...
CVE-2019-11393
Affected product: M/Monit prior to version 3.7.3. Vulnerability: In /admin/users/update, unprivileged users can escalate to administrator by requesting a password change and supplying the admin parameter. Root cause: Privilege escalation through an unauthorized admin flag during password-change f...
CVE-2003-1083
Monit
CVE-2003-1084
CVE-2003-1084 affects Monit 1.4–4.1. A remote attacker can cause a denial of service by sending an HTTP POST with a negative Content-Length, crashing the Monit daemon. The underlying issue is improper handling/validation of HTTP request parameters (Content-Length) in Monit’s HTTP processing, per ...
CVE-2004-1899
The CVE-2004-1899 entry applies to Monit’s administration interface, affecting versions 1.4 through 4.2. The issue is an off-by-one overflow triggered by a POST containing 1024 bytes, enabling remote attackers to exploit the vulnerability via the admin interface. The connected documents consisten...
CVE-2004-1898
Monit vulnerability CVE-2004-1898: stack-based buffer overflow in the administration interface affecting Monit 1.4–4.2. Remote attackers can cause arbitrary code execution via a long username.