ALT Linux Team

Package monit update in sisyphus_riscv64 on 2021-12-18

ALT-PU-2021-4626-1

Package monit updated to version 5.29.0-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2019-03-04

BDU:2020-01554

Уязвимость утилиты для управления и мониторинга процессов, программ, файлов и каталогов Monit, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
References:
Published: 2019-03-04

BDU:2020-01555

Уязвимость реализации метода Util_urlDecode утилиты для управления и мониторинга процессов, программ, файлов и каталогов Monit, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Severity: HIGH (8.5) Vector: AV:N/AC:L/Au:S/C:C/I:N/A:C
References:
Published: 2019-04-22
Modified: 2024-11-21

CVE-2019-11454

Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Published: 2019-04-22
Modified: 2024-11-21

CVE-2019-11455

A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).

Severity: MEDIUM (5.5) Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P
Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top