Tildeslash

tildeslash

9 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-36969 1Tildeslash 1M/monit Feb 3, 2026 Jan 28, 2026 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/upda...Show more M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standard user account.Show less
CVE-2020-36968 1Tildeslash 1M/monit Feb 3, 2026 Jan 28, 2026 7.1 HIGH· v4 6.5 MEDIUM· v3 N/A· v2 M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/li...Show more M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for all users.Show less
CVE-2022-26563 1Tildeslash 1Monit Nov 21, 2024 Jul 18, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain escilated privlidges due to improper PAM-authorization.
CVE-2019-11455 4Canonical DebianFedoraproject+1 more 4Debian Linux FedoraMonit+1 more Nov 21, 2024 Apr 22, 2019 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker...Show more A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).Show less
CVE-2019-11393 1Tildeslash 1Monit Nov 21, 2024 Apr 22, 2019 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin parameter.
CVE-2004-1899 1Tildeslash 1Monit Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The administration interface in Monit 1.4 through 4.2 allows remote attackers to cause an off-by-one overflow via a POST that contains 1024 bytes.
CVE-2004-1898 1Tildeslash 1Monit Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 10.0 HIGH· v2 Stack-based buffer overflow in the administration interface in Monit 1.4 through 4.2 allows remote attackers to execute arbitrary code via a long username.
CVE-2003-1083 1Tildeslash 1Monit Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 10.0 HIGH· v2 Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request.
CVE-2003-1084 1Tildeslash 1Monit Apr 16, 2026 Nov 24, 2003 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field.