Xymon Security Vulnerabilities and Issues — Xymon CVE List

Lucene search

XymonXymon

16 matches found

CVE•added 2019/08/27 5:15 p.m.•125 views

CVE-2019-13455

In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of expansion in acknowledge.c.

9.8CVSS9.5AI score0.01049EPSS

CVE•added 2019/08/27 5:15 p.m.•122 views

CVE-2019-13273

In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET request that triggers an sprintf of the srcdb parameter.

9.8CVSS9.5AI score0.00474EPSS

CVE•added 2019/08/27 5:15 p.m.•119 views

CVE-2019-13486

In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of expansion in svcstatus.c.

9.8CVSS9.5AI score0.00962EPSS

CVE•added 2019/08/27 5:15 p.m.•116 views

CVE-2019-13484

In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of expansion in appfeed.c.

9.8CVSS9.6AI score0.00962EPSS

CVE•added 2019/08/27 5:15 p.m.•114 views

CVE-2019-13274

In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter.

6.1CVSS7.2AI score0.00248EPSS

CVE•added 2019/08/27 5:15 p.m.•114 views

CVE-2019-13452

In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c.

9.8CVSS9.5AI score0.00962EPSS

CVE•added 2019/08/27 5:15 p.m.•113 views

CVE-2019-13485

In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c.

9.8CVSS9.3AI score0.00962EPSS

CVE•added 2019/08/27 5:15 p.m.•112 views

CVE-2019-13451

In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c.

9.8CVSS9.5AI score0.00962EPSS

CVE•added 2016/04/13 4:59 p.m.•93 views

CVE-2016-2056

xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c.

8.8CVSS9.1AI score0.66019EPSS

CVE•added 2016/04/13 4:59 p.m.•57 views

CVE-2016-2057

lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue.

3.3CVSS6.1AI score0.00106EPSS

CVE•added 2016/04/13 4:59 p.m.•56 views

CVE-2016-2055

xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command.

7.5CVSS8.2AI score0.67997EPSS

CVE•added 2016/04/13 4:59 p.m.•50 views

CVE-2016-2058

Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the "detailed status" page, or (2) remote authenticated users to inject arb...

5.4CVSS6.4AI score0.00249EPSS

CVE•added 2016/04/13 4:59 p.m.•46 views

CVE-2016-2054

Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a "config" command.

9.8CVSS9.6AI score0.02908EPSS

CVE•added 2013/10/11 10:55 p.m.•44 views

CVE-2013-4173

Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a "drophost" command.

5CVSS6.7AI score0.01438EPSS

CVE•added 2011/04/18 6:55 p.m.•35 views

CVE-2011-1716

Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.00503EPSS

CVE•added 2017/08/28 3:29 p.m.•30 views

CVE-2015-1430

Buffer overflow in xymon 4.3.17-1.

9.8CVSS9.6AI score0.00436EPSS