VYPR
Vendor

Xymon

Products
1
CVEs
16
Across products
16
Status
Private

Products

1

Recent CVEs

16
  • CVE-2016-2056HigApr 13, 2016
    risk 0.65cvss 8.8epss 0.55

    xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c.

  • CVE-2015-1430CriAug 28, 2017
    risk 0.64cvss 9.8epss 0.01

    Buffer overflow in xymon 4.3.17-1.

  • CVE-2016-2054CriApr 13, 2016
    risk 0.64cvss 9.8epss 0.06

    Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a "config" command.

  • CVE-2016-2055HigApr 13, 2016
    risk 0.53cvss 7.5epss 0.18

    xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command.

  • CVE-2016-2058MedApr 13, 2016
    risk 0.35cvss 5.4epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the "detailed status" page, or (2) remote authenticated…

  • CVE-2016-2057LowApr 13, 2016
    risk 0.21cvss 3.3epss 0.00

    lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue.

  • CVE-2019-13273Aug 27, 2019
    risk 0.00cvss epss 0.02

    In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET request that triggers an sprintf of the srcdb parameter.

  • CVE-2019-13274Aug 27, 2019
    risk 0.00cvss epss 0.01

    In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter.

  • CVE-2019-13451Aug 27, 2019
    risk 0.00cvss epss 0.02

    In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c.

  • CVE-2019-13452Aug 27, 2019
    risk 0.00cvss epss 0.02

    In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c.

  • CVE-2019-13455Aug 27, 2019
    risk 0.00cvss epss 0.02

    In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of expansion in acknowledge.c.

  • CVE-2019-13484Aug 27, 2019
    risk 0.00cvss epss 0.02

    In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of expansion in appfeed.c.

  • CVE-2019-13485Aug 27, 2019
    risk 0.00cvss epss 0.02

    In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c.

  • CVE-2019-13486Aug 27, 2019
    risk 0.00cvss epss 0.02

    In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of expansion in svcstatus.c.

  • CVE-2013-4173Oct 11, 2013
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a "drophost" command.

  • CVE-2011-1716Apr 18, 2011
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.