| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| | | In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET request that triggers an sprintf of the srcdb parameter. | 9.8 | Critical |
| | | In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter. | 6.1 | Medium |
| | | In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c. | 9.8 | Critical |
| | | In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c. | 9.8 | Critical |
| | | In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of expansion in acknowledge.c. | 9.8 | Critical |
| | | In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of expansion in appfeed.c. | 9.8 | Critical |
| | | In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c. | 9.8 | Critical |
| | | In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of expansion in svcstatus.c. | 9.8 | Critical |
| | | Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a "drophost" command. | 5 | |
| | | Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 | |