Vulnerabilities > Xymon > Xymon > 4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-27 | CVE-2019-13486 | Out-of-bounds Write vulnerability in multiple products In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of expansion in svcstatus.c. | 7.5 |
| 2019-08-27 | CVE-2019-13485 | Out-of-bounds Write vulnerability in multiple products In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c. | 7.5 |
| 2019-08-27 | CVE-2019-13484 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of expansion in appfeed.c. | 7.5 |
| 2019-08-27 | CVE-2019-13455 | Out-of-bounds Write vulnerability in multiple products In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of expansion in acknowledge.c. | 7.5 |
| 2019-08-27 | CVE-2019-13452 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c. | 7.5 |
| 2019-08-27 | CVE-2019-13451 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c. | 7.5 |
| 2019-08-27 | CVE-2019-13274 | Cross-site Scripting vulnerability in multiple products In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter. | 4.3 |
| 2019-08-27 | CVE-2019-13273 | Out-of-bounds Write vulnerability in multiple products In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. | 7.5 |
| 2013-10-11 | CVE-2013-4173 | Path Traversal vulnerability in Xymon Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. | 5.0 |
| 2011-04-18 | CVE-2011-1716 | Cross-Site Scripting vulnerability in Xymon Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |