Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
129079.7%CRITICAL

Related CVEs

29
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2025-63658A stack overflow in the mk_http_index_lookup function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.HIGH7.561.8%Jan 29, 2026
CVE-2025-63657An out-of-bounds read in the mk_mimetype_find function (mk_server/mk_mimetype.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.HIGH7.559.8%Jan 29, 2026
CVE-2025-63656An out-of-bounds read in the header_cmp function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.HIGH7.559.8%Jan 29, 2026
CVE-2025-63655A NULL pointer dereference in the mk_http_range_parse function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.HIGH7.593.7%Jan 29, 2026
CVE-2025-63653An out-of-bounds read in the mk_vhost_fdt_close function (mk_server/mk_vhost.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.HIGH7.559.8%Jan 29, 2026
CVE-2025-63652A use-after-free in the mk_http_request_end function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.HIGH7.559.8%Jan 29, 2026
CVE-2025-63651A use-after-free in the mk_string_char_search function (mk_core/mk_string.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.HIGH7.555.3%Jan 29, 2026
CVE-2025-63650An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_memory.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.HIGH7.559.8%Jan 29, 2026
CVE-2025-63649An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the server.HIGH7.556.8%Jan 29, 2026
CVE-2013-2183Monkey HTTP Daemon has local security bypassHIGH7.133.3%Dec 10, 2019
CVE-2013-2159Monkey HTTP Daemon: broken user name authenticationCRITICAL9.884.9%Dec 10, 2019
CVE-2013-1771The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo.HIGH7.585.9%Nov 7, 2019
CVE-2014-5336Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT) is enabled and custom error messages are set, allows remote attackers to cause a denial of service (file descriptor consumption) via an HTTP request that triggers an error message.NONE82.4%Aug 26, 2014
CVE-2013-3843Stack-based buffer overflow in the mk_request_header_process function in mk_request.c in Monkey HTTP Daemon (monkeyd) before 1.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP header.NONE97.1%Jun 13, 2014
CVE-2013-2182The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash.NONE91.9%Jun 13, 2014
CVE-2013-2163Monkey HTTP Daemon (monkeyd) before 1.2.2 allows remote attackers to cause a denial of service (infinite loop) via an offset equal to the file size in the Range HTTP header.NONE82.8%Jun 13, 2014
CVE-2013-3724The mk_request_header_process function in mk_request.c in Monkey 1.1.1 allows remote attackers to cause a denial of service (thread crash and service outage) via a '\0' character in an HTTP request.NONE96.0%Aug 1, 2013
CVE-2013-2181Cross-site scripting (XSS) vulnerability in the Directory Listing plugin in Monkey HTTP Daemon (monkeyd) 1.2.2 allows attackers to inject arbitrary web script or HTML via a file name.NONE83.9%Jul 29, 2013
CVE-2012-5303Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname.NONE23.7%Oct 5, 2012
CVE-2012-4442Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check.NONE23.1%Oct 5, 2012