Search CVE reports
1 – 10 of 18 results
M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update...
1 affected package
monit
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| monit | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and...
1 affected package
monit
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| monit | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with \${IFS}. This has been categorized both as fixed in e8810de, and as intended behavior.
1 affected package
monitoring-plugins
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| monitoring-plugins | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 5 of 6
An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain escilated privlidges due to improper PAM-authorization.
1 affected package
monit
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| monit | Not affected | Fixed | Fixed | Fixed |
Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without...
1 affected package
monitorix
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| monitorix | — | — | Not affected | Not in release |
Some fixes available 5 of 6
A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also...
1 affected package
monit
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| monit | — | Not affected | Not affected | Fixed |
Some fixes available 5 of 6
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of...
1 affected package
monit
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| monit | — | Not affected | Not affected | Fixed |
Some fixes available 2 of 5
Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service.
1 affected package
monit
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| monit | — | — | — | Not affected |
expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption),...
40 affected packages
gdcm, apache2, apr-util, audacity, ayttm...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gdcm | — | — | — | — |
| apache2 | — | — | — | — |
| apr-util | — | — | — | — |
| audacity | — | — | — | — |
| ayttm | — | — | — | — |
| cableswig | — | — | — | — |
| cadaver | — | — | — | — |
| celementtree | — | — | — | — |
| cmake | — | — | — | — |
| coin3 | — | — | — | — |
| expat | — | — | — | — |
| ghostscript | — | — | — | — |
| grmonitor | — | — | — | — |
| insighttoolkit | — | — | — | — |
| kompozer | — | — | — | — |
| libparagui1.1 | — | — | — | — |
| matanza | — | — | — | — |
| paraview | — | — | — | — |
| poco | — | — | — | — |
| python-xml | — | — | — | — |
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
| python2.6 | — | — | — | — |
| simgear | — | — | — | — |
| sitecopy | — | — | — | — |
| smart | — | — | — | — |
| swish-e | — | — | — | — |
| tdom | — | — | — | — |
| texlive-bin | — | — | — | — |
| tla | — | — | — | — |
| vnc4 | — | — | — | — |
| vtk | — | — | — | — |
| w3c-libwww | — | — | — | — |
| wbxml2 | — | — | — | — |
| wxwidgets2.6 | — | — | — | — |
| wxwidgets2.8 | — | — | — | — |
| wxwindows2.4 | — | — | — | — |
| xmlrpc-c | — | — | — | — |
| xotcl | — | — | — | — |
| xulrunner | — | — | — | — |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
40 affected packages
tdom, apache2, apr-util, audacity, ayttm...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tdom | — | — | — | — |
| apache2 | — | — | — | — |
| apr-util | — | — | — | — |
| audacity | — | — | — | — |
| ayttm | — | — | — | — |
| cableswig | — | — | — | — |
| cadaver | — | — | — | — |
| celementtree | — | — | — | — |
| cmake | — | — | — | — |
| coin3 | — | — | — | — |
| expat | — | — | — | — |
| gdcm | — | — | — | — |
| ghostscript | — | — | — | — |
| grmonitor | — | — | — | — |
| insighttoolkit | — | — | — | — |
| kompozer | — | — | — | — |
| libparagui1.1 | — | — | — | — |
| matanza | — | — | — | — |
| paraview | — | — | — | — |
| poco | — | — | — | — |
| python-xml | — | — | — | — |
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
| python2.6 | — | — | — | — |
| simgear | — | — | — | — |
| sitecopy | — | — | — | — |
| smart | — | — | — | — |
| swish-e | — | — | — | — |
| texlive-bin | — | — | — | — |
| tla | — | — | — | — |
| vnc4 | — | — | — | — |
| vtk | — | — | — | — |
| w3c-libwww | — | — | — | — |
| wbxml2 | — | — | — | — |
| wxwidgets2.6 | — | — | — | — |
| wxwidgets2.8 | — | — | — | — |
| wxwindows2.4 | — | — | — | — |
| xmlrpc-c | — | — | — | — |
| xotcl | — | — | — | — |
| xulrunner | — | — | — | — |