Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:xymon:xymon:4.0.2:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-13486 |
In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of expansion in svcstatus.c. Published: August 27, 2019; 1:15:10 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-13485 |
In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c. Published: August 27, 2019; 1:15:10 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-13484 |
In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of expansion in appfeed.c. Published: August 27, 2019; 1:15:10 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-13455 |
In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of expansion in acknowledge.c. Published: August 27, 2019; 1:15:10 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-13452 |
In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c. Published: August 27, 2019; 1:15:10 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-13451 |
In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c. Published: August 27, 2019; 1:15:10 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-13274 |
In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter. Published: August 27, 2019; 1:15:10 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-13273 |
In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET request that triggers an sprintf of the srcdb parameter. Published: August 27, 2019; 1:15:10 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2013-4173 |
Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a "drophost" command. Published: October 11, 2013; 6:55:39 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-1716 |
Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: April 18, 2011; 2:55:02 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |