RSS   Vulnerabilities for 'Xymon'   RSS

2019-08-27
 
CVE-2019-13486

CWE-119
 

 
In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of   expansion in svcstatus.c.

 
 
CVE-2019-13485

CWE-119
 

 
In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c.

 
 
CVE-2019-13484

CWE-119
 

 
In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of   expansion in appfeed.c.

 
 
CVE-2019-13455

CWE-119
 

 
In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of   expansion in acknowledge.c.

 
 
CVE-2019-13452

CWE-119
 

 
In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c.

 
 
CVE-2019-13451

CWE-119
 

 
In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c.

 
 
CVE-2019-13274

CWE-79
 

 
In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter.

 
 
CVE-2019-13273

CWE-119
 

 
In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET request that triggers an sprintf of the srcdb parameter.

 
2017-08-28
 
CVE-2015-1430

 

 
Buffer overflow in xymon 4.3.17-1.

 
2016-04-13
 
CVE-2016-2058

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the "detailed status" page, or (2) remote authenticated users to inject arbitrary web script or HTML via an acknowledgement message, which is not properly handled in the "status" page.

 


Copyright 2024, cxsecurity.com

 

Back to Top