Xymon: >> Xymon >> 4.3.17-1 Security Vulnerabilities
In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET request that triggers an sprintf of the srcdb parameter.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-08-27
In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-27
In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c.
CVSS Score
9.8
EPSS Score
0.01
Published
2019-08-27
In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c.
CVSS Score
9.8
EPSS Score
0.01
Published
2019-08-27
In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of expansion in acknowledge.c.
CVSS Score
9.8
EPSS Score
0.01
Published
2019-08-27
In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of expansion in appfeed.c.
CVSS Score
9.8
EPSS Score
0.01
Published
2019-08-27
In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c.
CVSS Score
9.8
EPSS Score
0.01
Published
2019-08-27
In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of expansion in svcstatus.c.
CVSS Score
9.8
EPSS Score
0.01
Published
2019-08-27
Buffer overflow in xymon 4.3.17-1.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-08-28