Skip to main content

Xymon

15 CVEs product

Monthly

CVE-2019-13486 CRITICAL Act Now

In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of   expansion in svcstatus.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Xymon Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-13485 CRITICAL Act Now

In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Xymon Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-13484 CRITICAL Act Now

In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of   expansion in appfeed.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Xymon Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-13455 CRITICAL POC Act Now

In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of   expansion in acknowledge.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Xymon Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-13452 CRITICAL Act Now

In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Xymon Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-13451 CRITICAL Act Now

In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Xymon Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2019-13274 MEDIUM This Month

In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Xymon Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-13273 CRITICAL Act Now

In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Xymon Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2015-1430 CRITICAL Act Now

Buffer overflow in xymon 4.3.17-1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Xymon
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-2058 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Debian Linux Xymon
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-2057 LOW PATCH Monitor

lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Privilege Escalation Xymon Debian Linux
NVD
CVSS 3.0
3.3
EPSS
0.1%
CVE-2016-2056 HIGH POC PATCH THREAT Act Now

xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 56.3%.

Command Injection Xymon Debian Linux
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
56.3%
Threat
5.0
CVE-2016-2055 HIGH POC PATCH THREAT Act Now

xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 68.0%.

Information Disclosure Xymon Debian Linux
NVD
CVSS 3.0
7.5
EPSS
68.0%
Threat
5.0
CVE-2016-2054 CRITICAL PATCH Act Now

Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE Buffer Overflow Debian Linux Xymon
NVD
CVSS 3.0
9.8
EPSS
4.1%
CVE-2013-4173 MEDIUM PATCH This Month

Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Xymon
NVD
CVSS 2.0
5.0
EPSS
0.7%
EPSS 2% CVSS 9.8
CRITICAL Act Now

In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of   expansion in svcstatus.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Xymon +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Xymon +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of   expansion in appfeed.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Xymon Debian Linux
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of   expansion in acknowledge.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Xymon +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Xymon Debian Linux
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Xymon Debian Linux
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Xymon Debian Linux
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Xymon +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Buffer overflow in xymon 4.3.17-1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Xymon
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Debian Linux Xymon
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Privilege Escalation Xymon Debian Linux
NVD
EPSS 56% 5.0 CVSS 8.8
HIGH POC PATCH THREAT Act Now

xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 56.3%.

Command Injection Xymon Debian Linux
NVD Exploit-DB
EPSS 68% 5.0 CVSS 7.5
HIGH POC PATCH THREAT Act Now

xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 68.0%.

Information Disclosure Xymon Debian Linux
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE Buffer Overflow +2
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Xymon
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy