Monitorix CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-3325	2 Fedoraproject, Fibranet	2 Fedora, Monitorix	2024-11-21	9.8 Critical
Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an update to 3.13.0, unless the new feature was immediately configured.
CVE-2018-7649	1 Fibranet	1 Monitorix	2024-11-21	N/A
Monitorix before 3.10.1 allows XSS via CGI variables.
CVE-2013-7071	1 Fibranet	1 Monitorix	2024-11-21	6.1 Medium
Cross-site scripting (XSS) vulnerability in the handle_request function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2013-7070	1 Fibranet	1 Monitorix	2024-11-21	9.8 Critical
The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI.

Page 1 of 1.