Debian/xymon — 19 CVEs · VulnScope

pkg:Debian/xymon

19 total CVEsCRITICAL12HIGH2MEDIUM2LOW1

✅ Check your installed version

All known vulnerabilities

CRITICAL9.8CVE-2019-13486In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of   expansion in svcstatus.c.
from 0, < 4.3.29-1
CRITICAL9.8CVE-2019-13485In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service…
from 0, < 4.3.29-1
CRITICAL9.8In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of   expansion in appfeed.c.
from 0, < 4.3.29-1
CRITICAL9.8In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of   expansio…
from 0, < 4.3.29-1
CRITICAL9.8In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c.
from 0, < 4.3.29-1
CRITICAL9.8In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c.
from 0, < 4.3.29-1
CRITICAL9.8xymon - security update
from 0, < 4.3.17-6+deb8u2
CRITICAL9.8xymon - security update
from 0, < 4.3.29-1
CRITICAL9.8Buffer overflow in xymon 4.3.17-1.
from 0, < 4.3.17-5
CRITICAL9.8xymon - security update
from 0, < 4.3.17-6+deb8u1
CRITICAL9.8xymon - security update
from 0, < 4.3.25-1
CRITICAL9.8xymon - security update
from 0, < 4.3.0~beta2.dfsg-9.1+deb7u1
HIGH8.8xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacte…
from 0, < 4.3.25-1
HIGH7.5xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuratio…
from 0, < 4.3.25-1
MEDIUM6.1In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter.
from 0, < 4.3.29-1
MEDIUM5.4Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject…
from 0, < 4.3.25-1
LOW3.3lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allo…
from 0, < 4.3.25-1
—Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitr…
from 0, < 4.3.17-2
—Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web scri…
from 0, < 4.3.7-1