Xymon
by Xymon
CVEs (16)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-2056 | | High | 0.65 | 8.8 | 0.55 | | Apr 13, 2016 | xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c. |
| CVE-2015-1430 | | Critical | 0.64 | 9.8 | 0.01 | | Aug 28, 2017 | Buffer overflow in xymon 4.3.17-1. |
| CVE-2016-2054 | | Critical | 0.64 | 9.8 | 0.06 | | Apr 13, 2016 | Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a "config" command. |
| CVE-2016-2055 | | High | 0.53 | 7.5 | 0.18 | | Apr 13, 2016 | xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allows remote attackers to read arbitrary files in the configuration directory via a "config" command. |
| CVE-2016-2058 | | Medium | 0.35 | 5.4 | 0.01 | | Apr 13, 2016 | Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the "detailed status" page, or (2) remote authenticated… |
| CVE-2016-2057 | | Low | 0.21 | 3.3 | 0.00 | | Apr 13, 2016 | lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 uses weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue. |
| CVE-2019-13273 | | | 0.00 | — | 0.02 | | Aug 27, 2019 | In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET request that triggers an sprintf of the srcdb parameter. |
| CVE-2019-13274 | | | 0.00 | — | 0.01 | | Aug 27, 2019 | In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter. |
| CVE-2019-13451 | | | 0.00 | — | 0.02 | | Aug 27, 2019 | In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c. |
| CVE-2019-13452 | | | 0.00 | — | 0.02 | | Aug 27, 2019 | In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c. |
| CVE-2019-13455 | | | 0.00 | — | 0.02 | | Aug 27, 2019 | In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of expansion in acknowledge.c. |
| CVE-2019-13484 | | | 0.00 | — | 0.02 | | Aug 27, 2019 | In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of expansion in appfeed.c. |
| CVE-2019-13485 | | | 0.00 | — | 0.02 | | Aug 27, 2019 | In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c. |
| CVE-2019-13486 | | | 0.00 | — | 0.02 | | Aug 27, 2019 | In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of expansion in svcstatus.c. |
| CVE-2013-4173 | | | 0.00 | — | 0.03 | | Oct 11, 2013 | Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a "drophost" command. |
| CVE-2011-1716 | | | 0.00 | — | 0.01 | | Apr 18, 2011 | Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |