tildeslash 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に バッファオーバーフロー and vendor risk denial of service などに関し、一部は アプリケーションクラッシュ を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2020-36969 | M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standard user account. | [email protected] | 8.7 | 0.07% | 2026-01-28 | 2026-02-03 |
| CVE-2020-36968 | M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for all users. | [email protected] | 7.1 | 0.27% | 2026-01-28 | 2026-02-03 |
| CVE-2022-26563 | An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain escilated privlidges due to improper PAM-authorization. | [email protected] | 8.8 | 0.67% | 2023-07-18 | 2024-11-21 |
| CVE-2019-11455 | A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage). | [email protected] | 8.1 | 2.04% | 2019-04-22 | 2024-11-21 |
| CVE-2019-11393 | An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin parameter. | [email protected] | 9.8 | 0.44% | 2019-04-22 | 2024-11-21 |
| CVE-2004-1899 | The administration interface in Monit 1.4 through 4.2 allows remote attackers to cause an off-by-one overflow via a POST that contains 1024 bytes. | [email protected] | 5.0 | 0.74% | 2004-12-31 | 2026-04-16 |
| CVE-2004-1898 | Stack-based buffer overflow in the administration interface in Monit 1.4 through 4.2 allows remote attackers to execute arbitrary code via a long username. | [email protected] | 10.0 | 34.46% | 2004-12-31 | 2026-04-16 |
| CVE-2003-1083 | Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request. | [email protected] | 10.0 | 55.81% | 2003-12-31 | 2026-04-16 |
| CVE-2003-1084 | Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field. | [email protected] | 5.0 | 5.47% | 2003-11-24 | 2026-04-16 |