Vulnerabilites related to xymon - xymon
cve-2019-13455
Vulnerability from cvelistv5
Published
2019-08-27 16:28
Modified
2024-08-04 23:49
Severity ?
EPSS score ?
Summary
In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of expansion in acknowledge.c.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/acknowledge.c | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html | x_refsource_CONFIRM | |
| https://lists.xymon.com/archive/2019-July/046570.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:25.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/acknowledge.c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of \u0026nbsp; expansion in acknowledge.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-27T16:28:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/acknowledge.c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of \u0026nbsp; expansion in acknowledge.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/acknowledge.c",
"refsource": "MISC",
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/acknowledge.c"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html",
"refsource": "CONFIRM",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"name": "https://lists.xymon.com/archive/2019-July/046570.html",
"refsource": "CONFIRM",
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13455",
"datePublished": "2019-08-27T16:28:15",
"dateReserved": "2019-07-09T00:00:00",
"dateUpdated": "2024-08-04T23:49:25.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-13484
Vulnerability from cvelistv5
Published
2019-08-27 16:26
Modified
2024-08-04 23:57
Severity ?
EPSS score ?
Summary
In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of expansion in appfeed.c.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/appfeed.c | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html | x_refsource_CONFIRM | |
| https://lists.xymon.com/archive/2019-July/046570.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/appfeed.c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of \u0026nbsp; expansion in appfeed.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-27T16:26:53",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/appfeed.c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of \u0026nbsp; expansion in appfeed.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/appfeed.c",
"refsource": "MISC",
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/appfeed.c"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html",
"refsource": "CONFIRM",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"name": "https://lists.xymon.com/archive/2019-July/046570.html",
"refsource": "CONFIRM",
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13484",
"datePublished": "2019-08-27T16:26:53",
"dateReserved": "2019-07-10T00:00:00",
"dateUpdated": "2024-08-04T23:57:39.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2055
Vulnerability from cvelistv5
Published
2016-04-13 16:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/537522/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.debian.org/security/2016/dsa-3495 | vendor-advisory, x_refsource_DEBIAN | |
| https://sourceforge.net/p/xymon/code/7890/ | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160214 Xymon: Critical security issues in all versions prior to 4.3.25",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"name": "DSA-3495",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3495"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/xymon/code/7890/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a \"config\" command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20160214 Xymon: Critical security issues in all versions prior to 4.3.25",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"name": "DSA-3495",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3495"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/xymon/code/7890/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a \"config\" command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160214 Xymon: Critical security issues in all versions prior to 4.3.25",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"name": "DSA-3495",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3495"
},
{
"name": "https://sourceforge.net/p/xymon/code/7890/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/xymon/code/7890/"
},
{
"name": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2055",
"datePublished": "2016-04-13T16:00:00",
"dateReserved": "2016-01-25T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-13452
Vulnerability from cvelistv5
Published
2019-08-27 16:31
Modified
2024-08-04 23:49
Severity ?
EPSS score ?
Summary
In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/reportlog.c | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html | x_refsource_CONFIRM | |
| https://lists.xymon.com/archive/2019-July/046570.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/reportlog.c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-27T16:31:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/reportlog.c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/reportlog.c",
"refsource": "MISC",
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/reportlog.c"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html",
"refsource": "CONFIRM",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"name": "https://lists.xymon.com/archive/2019-July/046570.html",
"refsource": "CONFIRM",
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13452",
"datePublished": "2019-08-27T16:31:49",
"dateReserved": "2019-07-09T00:00:00",
"dateUpdated": "2024-08-04T23:49:24.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-13273
Vulnerability from cvelistv5
Published
2019-08-27 16:52
Modified
2024-08-04 23:49
Severity ?
EPSS score ?
Summary
In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET request that triggers an sprintf of the srcdb parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/csvinfo.c | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/csvinfo.c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET request that triggers an sprintf of the srcdb parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-27T16:52:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/csvinfo.c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET request that triggers an sprintf of the srcdb parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/csvinfo.c",
"refsource": "MISC",
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/csvinfo.c"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html",
"refsource": "CONFIRM",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13273",
"datePublished": "2019-08-27T16:52:01",
"dateReserved": "2019-07-04T00:00:00",
"dateUpdated": "2024-08-04T23:49:24.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-13486
Vulnerability from cvelistv5
Published
2019-08-27 16:01
Modified
2024-08-04 23:57
Severity ?
EPSS score ?
Summary
In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of expansion in svcstatus.c.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/svcstatus.c | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html | x_refsource_CONFIRM | |
| https://lists.xymon.com/archive/2019-July/046570.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:38.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/svcstatus.c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of \u0026nbsp; expansion in svcstatus.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-27T16:01:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/svcstatus.c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of \u0026nbsp; expansion in svcstatus.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/svcstatus.c",
"refsource": "MISC",
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/svcstatus.c"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html",
"refsource": "CONFIRM",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"name": "https://lists.xymon.com/archive/2019-July/046570.html",
"refsource": "CONFIRM",
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13486",
"datePublished": "2019-08-27T16:01:29",
"dateReserved": "2019-07-10T00:00:00",
"dateUpdated": "2024-08-04T23:57:38.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-13485
Vulnerability from cvelistv5
Published
2019-08-27 16:25
Modified
2024-08-04 23:57
Severity ?
EPSS score ?
Summary
In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/history.c | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html | x_refsource_CONFIRM | |
| https://lists.xymon.com/archive/2019-July/046570.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:38.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/history.c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-27T16:25:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/history.c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/history.c",
"refsource": "MISC",
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/history.c"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html",
"refsource": "CONFIRM",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"name": "https://lists.xymon.com/archive/2019-July/046570.html",
"refsource": "CONFIRM",
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13485",
"datePublished": "2019-08-27T16:25:52",
"dateReserved": "2019-07-10T00:00:00",
"dateUpdated": "2024-08-04T23:57:38.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-13451
Vulnerability from cvelistv5
Published
2019-08-27 16:37
Modified
2024-08-04 23:49
Severity ?
EPSS score ?
Summary
In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/history.c | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html | x_refsource_CONFIRM | |
| https://lists.xymon.com/archive/2019-July/046570.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:25.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/history.c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-27T16:37:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/history.c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/history.c",
"refsource": "MISC",
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/history.c"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html",
"refsource": "CONFIRM",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"name": "https://lists.xymon.com/archive/2019-July/046570.html",
"refsource": "CONFIRM",
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13451",
"datePublished": "2019-08-27T16:37:07",
"dateReserved": "2019-07-09T00:00:00",
"dateUpdated": "2024-08-04T23:49:25.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1716
Vulnerability from cvelistv5
Published
2011-04-18 18:00
Modified
2024-08-06 22:37
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/517325/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/47156 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/66542 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/71489 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/archive/1/517316/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/8209 | third-party-advisory, x_refsource_SREASON | |
| http://xymon.svn.sourceforge.net/viewvc/xymon/branches/4.3.2/Changes?revision=6673&view=markup | x_refsource_CONFIRM | |
| http://secunia.com/advisories/44036 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20110404 Re: Xymon monitor cross-site scripting vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/517325/100/0/threaded"
},
{
"name": "47156",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47156"
},
{
"name": "xymonmonitor-multiple-xss(66542)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66542"
},
{
"name": "71489",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/71489"
},
{
"name": "20110403 Xymon monitor cross-site scripting vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/517316/100/0/threaded"
},
{
"name": "8209",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8209"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xymon.svn.sourceforge.net/viewvc/xymon/branches/4.3.2/Changes?revision=6673\u0026view=markup"
},
{
"name": "44036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44036"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20110404 Re: Xymon monitor cross-site scripting vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/517325/100/0/threaded"
},
{
"name": "47156",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47156"
},
{
"name": "xymonmonitor-multiple-xss(66542)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66542"
},
{
"name": "71489",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/71489"
},
{
"name": "20110403 Xymon monitor cross-site scripting vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/517316/100/0/threaded"
},
{
"name": "8209",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8209"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xymon.svn.sourceforge.net/viewvc/xymon/branches/4.3.2/Changes?revision=6673\u0026view=markup"
},
{
"name": "44036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44036"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110404 Re: Xymon monitor cross-site scripting vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517325/100/0/threaded"
},
{
"name": "47156",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47156"
},
{
"name": "xymonmonitor-multiple-xss(66542)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66542"
},
{
"name": "71489",
"refsource": "OSVDB",
"url": "http://osvdb.org/71489"
},
{
"name": "20110403 Xymon monitor cross-site scripting vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517316/100/0/threaded"
},
{
"name": "8209",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8209"
},
{
"name": "http://xymon.svn.sourceforge.net/viewvc/xymon/branches/4.3.2/Changes?revision=6673\u0026view=markup",
"refsource": "CONFIRM",
"url": "http://xymon.svn.sourceforge.net/viewvc/xymon/branches/4.3.2/Changes?revision=6673\u0026view=markup"
},
{
"name": "44036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44036"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1716",
"datePublished": "2011-04-18T18:00:00",
"dateReserved": "2011-04-18T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1430
Vulnerability from cvelistv5
Published
2017-08-28 15:00
Modified
2024-08-06 04:40
Severity ?
EPSS score ?
Summary
Buffer overflow in xymon 4.3.17-1.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/01/31/4 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20150131 Re: CVE request: Xymon",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/31/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in xymon 4.3.17-1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20150131 Re: CVE request: Xymon",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/31/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in xymon 4.3.17-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150131 Re: CVE request: Xymon",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/31/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1430",
"datePublished": "2017-08-28T15:00:00",
"dateReserved": "2015-01-31T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2057
Vulnerability from cvelistv5
Published
2016-04-13 16:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/537522/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://sourceforge.net/p/xymon/code/7891/ | x_refsource_CONFIRM | |
| http://www.debian.org/security/2016/dsa-3495 | vendor-advisory, x_refsource_DEBIAN | |
| http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160214 Xymon: Critical security issues in all versions prior to 4.3.25",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/xymon/code/7891/"
},
{
"name": "DSA-3495",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3495"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20160214 Xymon: Critical security issues in all versions prior to 4.3.25",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/xymon/code/7891/"
},
{
"name": "DSA-3495",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3495"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160214 Xymon: Critical security issues in all versions prior to 4.3.25",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"name": "https://sourceforge.net/p/xymon/code/7891/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/xymon/code/7891/"
},
{
"name": "DSA-3495",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3495"
},
{
"name": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2057",
"datePublished": "2016-04-13T16:00:00",
"dateReserved": "2016-01-25T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2056
Vulnerability from cvelistv5
Published
2016-04-13 16:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/537522/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://sourceforge.net/p/xymon/code/7892/ | x_refsource_CONFIRM | |
| http://www.debian.org/security/2016/dsa-3495 | vendor-advisory, x_refsource_DEBIAN | |
| http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/153620/Xymon-useradm-Command-Execution.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160214 Xymon: Critical security issues in all versions prior to 4.3.25",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/xymon/code/7892/"
},
{
"name": "DSA-3495",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3495"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153620/Xymon-useradm-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-12T13:06:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20160214 Xymon: Critical security issues in all versions prior to 4.3.25",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/xymon/code/7892/"
},
{
"name": "DSA-3495",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3495"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153620/Xymon-useradm-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160214 Xymon: Critical security issues in all versions prior to 4.3.25",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"name": "https://sourceforge.net/p/xymon/code/7892/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/xymon/code/7892/"
},
{
"name": "DSA-3495",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3495"
},
{
"name": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
},
{
"name": "http://packetstormsecurity.com/files/153620/Xymon-useradm-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153620/Xymon-useradm-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2056",
"datePublished": "2016-04-13T16:00:00",
"dateReserved": "2016-01-25T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4173
Vulnerability from cvelistv5
Published
2013-10-11 22:00
Modified
2024-09-16 23:27
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a "drophost" command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://sourceforge.net/projects/xymon/files/Xymon/4.3.12/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2013/07/27/3 | mailing-list, x_refsource_MLIST | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:213 | vendor-advisory, x_refsource_MANDRIVA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:00.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/projects/xymon/files/Xymon/4.3.12/"
},
{
"name": "[oss-security] 20130727 Re: CVE Request: Xymon Systems and Network Monitor - remote file deletion vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/27/3"
},
{
"name": "MDVSA-2013:213",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:213"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a \"drophost\" command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-11T22:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/projects/xymon/files/Xymon/4.3.12/"
},
{
"name": "[oss-security] 20130727 Re: CVE Request: Xymon Systems and Network Monitor - remote file deletion vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/27/3"
},
{
"name": "MDVSA-2013:213",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:213"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a \"drophost\" command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/projects/xymon/files/Xymon/4.3.12/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/xymon/files/Xymon/4.3.12/"
},
{
"name": "[oss-security] 20130727 Re: CVE Request: Xymon Systems and Network Monitor - remote file deletion vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/07/27/3"
},
{
"name": "MDVSA-2013:213",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:213"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4173",
"datePublished": "2013-10-11T22:00:00Z",
"dateReserved": "2013-06-12T00:00:00Z",
"dateUpdated": "2024-09-16T23:27:07.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-13274
Vulnerability from cvelistv5
Published
2019-08-27 16:49
Modified
2024-08-04 23:49
Severity ?
EPSS score ?
Summary
In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/csvinfo.c | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:23.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/csvinfo.c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-27T16:49:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/csvinfo.c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/csvinfo.c",
"refsource": "MISC",
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/csvinfo.c"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html",
"refsource": "CONFIRM",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13274",
"datePublished": "2019-08-27T16:49:13",
"dateReserved": "2019-07-04T00:00:00",
"dateUpdated": "2024-08-04T23:49:23.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2054
Vulnerability from cvelistv5
Published
2016-04-13 16:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a "config" command.
References
| ▼ | URL | Tags |
|---|---|---|
| https://sourceforge.net/p/xymon/code/7859/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/537522/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.debian.org/security/2016/dsa-3495 | vendor-advisory, x_refsource_DEBIAN | |
| http://lists.xymon.com/archive/2016-February/042986.html | mailing-list, x_refsource_MLIST | |
| https://sourceforge.net/p/xymon/code/7860/ | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/xymon/code/7859/"
},
{
"name": "20160214 Xymon: Critical security issues in all versions prior to 4.3.25",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"name": "DSA-3495",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3495"
},
{
"name": "[Xymon] 20160208 Xymon 4.3.25 - Important Security Update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.xymon.com/archive/2016-February/042986.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/xymon/code/7860/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a \"config\" command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/xymon/code/7859/"
},
{
"name": "20160214 Xymon: Critical security issues in all versions prior to 4.3.25",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"name": "DSA-3495",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3495"
},
{
"name": "[Xymon] 20160208 Xymon 4.3.25 - Important Security Update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.xymon.com/archive/2016-February/042986.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/xymon/code/7860/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a \"config\" command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/xymon/code/7859/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/xymon/code/7859/"
},
{
"name": "20160214 Xymon: Critical security issues in all versions prior to 4.3.25",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"name": "DSA-3495",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3495"
},
{
"name": "[Xymon] 20160208 Xymon 4.3.25 - Important Security Update",
"refsource": "MLIST",
"url": "http://lists.xymon.com/archive/2016-February/042986.html"
},
{
"name": "https://sourceforge.net/p/xymon/code/7860/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/xymon/code/7860/"
},
{
"name": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2054",
"datePublished": "2016-04-13T16:00:00",
"dateReserved": "2016-01-25T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2058
Vulnerability from cvelistv5
Published
2016-04-13 16:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the "detailed status" page, or (2) remote authenticated users to inject arbitrary web script or HTML via an acknowledgement message, which is not properly handled in the "status" page.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/537522/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://sourceforge.net/p/xymon/code/7892/ | x_refsource_CONFIRM | |
| http://www.debian.org/security/2016/dsa-3495 | vendor-advisory, x_refsource_DEBIAN | |
| http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160214 Xymon: Critical security issues in all versions prior to 4.3.25",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/xymon/code/7892/"
},
{
"name": "DSA-3495",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3495"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the \"detailed status\" page, or (2) remote authenticated users to inject arbitrary web script or HTML via an acknowledgement message, which is not properly handled in the \"status\" page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20160214 Xymon: Critical security issues in all versions prior to 4.3.25",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/xymon/code/7892/"
},
{
"name": "DSA-3495",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3495"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the \"detailed status\" page, or (2) remote authenticated users to inject arbitrary web script or HTML via an acknowledgement message, which is not properly handled in the \"status\" page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160214 Xymon: Critical security issues in all versions prior to 4.3.25",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"name": "https://sourceforge.net/p/xymon/code/7892/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/xymon/code/7892/"
},
{
"name": "DSA-3495",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3495"
},
{
"name": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2058",
"datePublished": "2016-04-13T16:00:00",
"dateReserved": "2016-01-25T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-08-27 17:15
Modified
2024-11-21 04:24
Severity ?
Summary
In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of expansion in acknowledge.c.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/acknowledge.c | Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.xymon.com/archive/2019-July/046570.html | Exploit, Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/acknowledge.c | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.xymon.com/archive/2019-July/046570.html | Exploit, Mailing List, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xymon | xymon | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xymon:xymon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BA8FC24-A087-49B8-B96B-F843CD830399",
"versionEndIncluding": "4.3.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of \u0026nbsp; expansion in acknowledge.c."
},
{
"lang": "es",
"value": "En Xymon a trav\u00e9s de 4.3.28, existe una vulnerabilidad de desbordamiento de b\u00fafer basada en pila en la herramienta CGI de confirmaci\u00f3n de alerta debido a \u00a0 expansi\u00f3n en acknowledge.c."
}
],
"id": "CVE-2019-13455",
"lastModified": "2024-11-21T04:24:56.373",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-27T17:15:10.570",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/acknowledge.c"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/acknowledge.c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-27 17:15
Modified
2024-11-21 04:24
Severity ?
Summary
In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of expansion in appfeed.c.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/appfeed.c | Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.xymon.com/archive/2019-July/046570.html | Mailing List, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/appfeed.c | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.xymon.com/archive/2019-July/046570.html | Mailing List, Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xymon | xymon | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xymon:xymon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BA8FC24-A087-49B8-B96B-F843CD830399",
"versionEndIncluding": "4.3.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of \u0026nbsp; expansion in appfeed.c."
},
{
"lang": "es",
"value": "En Xymon a trav\u00e9s de 4.3.28, existe un desbordamiento de b\u00fafer en el visor de registro de estado CGI debido a \u00a0 expansi\u00f3n en appfeed.c."
}
],
"id": "CVE-2019-13484",
"lastModified": "2024-11-21T04:24:59.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-27T17:15:10.647",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/appfeed.c"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Release Notes",
"Vendor Advisory"
],
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/appfeed.c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Release Notes",
"Vendor Advisory"
],
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-04-18 18:55
Modified
2024-11-21 01:26
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xymon | xymon | * | |
| xymon | xymon | * | |
| xymon | xymon | * | |
| xymon | xymon | * | |
| xymon | xymon | * | |
| xymon | xymon | * | |
| xymon | xymon | * | |
| xymon | xymon | * | |
| xymon | xymon | * | |
| xymon | xymon | * | |
| xymon | xymon | * | |
| xymon | xymon | 4.0 | |
| xymon | xymon | 4.0.1 | |
| xymon | xymon | 4.0.2 | |
| xymon | xymon | 4.0.3 | |
| xymon | xymon | 4.0.4 | |
| xymon | xymon | 4.1.0 | |
| xymon | xymon | 4.1.1 | |
| xymon | xymon | 4.1.2 | |
| xymon | xymon | 4.1.2 | |
| xymon | xymon | 4.1.2 | |
| xymon | xymon | 4.2.0 | |
| xymon | xymon | 4.2.2 | |
| xymon | xymon | 4.2.3 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xymon:xymon:*:beta3:*:*:*:*:*:*",
"matchCriteriaId": "BD14F8B7-F57C-424F-BF38-CF9F54A4E838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:*:beta4:*:*:*:*:*:*",
"matchCriteriaId": "15F71F03-2D65-4324-A459-90A375AAAF1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:*:beta5:*:*:*:*:*:*",
"matchCriteriaId": "EF49DB6E-A1AF-47C4-8BE3-D034123171CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:*:beta6:*:*:*:*:*:*",
"matchCriteriaId": "AABC1B37-75A0-4C1F-B512-73F8BF1D2592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:*:rc1:*:*:*:*:*:*",
"matchCriteriaId": "77CD6EEB-DE9B-4C49-86A7-F855B5EF1C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:*:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2797102B-29CC-41B6-B5F1-D468246CDE02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:*:rc3:*:*:*:*:*:*",
"matchCriteriaId": "D392EB3D-E120-4E4D-A467-08BC1FBCAF8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:*:rc4:*:*:*:*:*:*",
"matchCriteriaId": "CEBED51A-3260-419E-AF81-2E323283729B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:*:rc5:*:*:*:*:*:*",
"matchCriteriaId": "61C0908F-1EA0-4E01-9E84-43700E2E3D52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:*:rc6:*:*:*:*:*:*",
"matchCriteriaId": "4E47DC8E-2196-45DF-985E-9892235A6108",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F370198-BB7D-4235-BD66-DC61E4B123F5",
"versionEndIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D34E3D6A-8A6D-4C38-9695-3B4B68805206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9CA43BB-EB51-4DE2-BDBE-4AB36ABB45A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B777EA27-4EF3-43A4-B526-04B3D781B37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D529B6C-13F4-42E0-91A8-A453D1FB18DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D5FB831F-695C-4ACD-B9B6-91910CC38E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFF9FA93-847A-4643-BB90-90AC31DE7C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7A7DED6-B90D-4A05-ACF1-510D16B2C1F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3EBFA2C-78A8-45BB-B6E2-F74595943813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "6A33AD76-55B7-42B4-997B-B4C595030AC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "DB9A6911-0622-4A71-8ADA-1BC162F12C96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8483753-07E0-476A-8D04-85905B50CEB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1071598C-C7CC-4704-A883-7FBAE94F3573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C4977F-2C44-4222-BD38-266127076A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E4BEDF60-02D7-4192-A3BE-6D35A6BAE886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8AE0300B-8514-409A-AA89-A591918855C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "2FD5FA1D-576F-4A4F-873B-8F47BD871374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EB113981-5BE0-4AAC-94E3-6A2C34A5E7E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el Web UI en Xymon anterior a v4.3.1 permite a atacantes remotos inyectar script de su elecci\u00f3n o HTML a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2011-1716",
"lastModified": "2024-11-21T01:26:51.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-04-18T18:55:02.797",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/71489"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44036"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8209"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/517316/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/517325/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/47156"
},
{
"source": "cve@mitre.org",
"url": "http://xymon.svn.sourceforge.net/viewvc/xymon/branches/4.3.2/Changes?revision=6673\u0026view=markup"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/71489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/517316/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/517325/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/47156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://xymon.svn.sourceforge.net/viewvc/xymon/branches/4.3.2/Changes?revision=6673\u0026view=markup"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66542"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-13 16:59
Modified
2024-11-21 02:47
Severity ?
Summary
lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xymon | xymon | 4.1.0 | |
| xymon | xymon | 4.1.1 | |
| xymon | xymon | 4.1.2 | |
| xymon | xymon | 4.1.2 | |
| xymon | xymon | 4.1.2 | |
| xymon | xymon | 4.2 | |
| xymon | xymon | 4.2 | |
| xymon | xymon | 4.2 | |
| xymon | xymon | 4.2.0 | |
| xymon | xymon | 4.2.2 | |
| xymon | xymon | 4.2.2 | |
| xymon | xymon | 4.2.3 | |
| xymon | xymon | 4.2.3 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.1 | |
| xymon | xymon | 4.3.2 | |
| xymon | xymon | 4.3.3 | |
| xymon | xymon | 4.3.4 | |
| xymon | xymon | 4.3.5 | |
| xymon | xymon | 4.3.6 | |
| xymon | xymon | 4.3.7 | |
| xymon | xymon | 4.3.8 | |
| xymon | xymon | 4.3.9 | |
| xymon | xymon | 4.3.10 | |
| xymon | xymon | 4.3.11 | |
| xymon | xymon | 4.3.12 | |
| xymon | xymon | 4.3.13 | |
| xymon | xymon | 4.3.14 | |
| xymon | xymon | 4.3.15 | |
| xymon | xymon | 4.3.16 | |
| xymon | xymon | 4.3.17 | |
| xymon | xymon | 4.3.18 | |
| xymon | xymon | 4.3.19 | |
| xymon | xymon | 4.3.19 | |
| xymon | xymon | 4.3.20 | |
| xymon | xymon | 4.3.21 | |
| xymon | xymon | 4.3.22 | |
| xymon | xymon | 4.3.23 | |
| xymon | xymon | 4.3.24 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFF9FA93-847A-4643-BB90-90AC31DE7C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7A7DED6-B90D-4A05-ACF1-510D16B2C1F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3EBFA2C-78A8-45BB-B6E2-F74595943813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "6A33AD76-55B7-42B4-997B-B4C595030AC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "DB9A6911-0622-4A71-8ADA-1BC162F12C96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2:alfa:*:*:*:*:*:*",
"matchCriteriaId": "DD605003-3DEC-44C3-9A61-9DAA3FFEF4EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2:beta20060605:*:*:*:*:*:*",
"matchCriteriaId": "6D967474-9D3D-4555-9C28-AD9F38D0F4B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2:rc20060712:*:*:*:*:*:*",
"matchCriteriaId": "B0623B70-5545-4D9E-80B2-F12363933152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8483753-07E0-476A-8D04-85905B50CEB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1071598C-C7CC-4704-A883-7FBAE94F3573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2EBC151E-A02F-409B-86E1-9B3F59966F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C4977F-2C44-4222-BD38-266127076A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "59DEEBE8-4A76-4DF8-8DD4-0446EA6CDDAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "699A4A57-0488-43A1-9BC9-68F69326CD65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E4BEDF60-02D7-4192-A3BE-6D35A6BAE886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8AE0300B-8514-409A-AA89-A591918855C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "2FD5FA1D-576F-4A4F-873B-8F47BD871374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EB113981-5BE0-4AAC-94E3-6A2C34A5E7E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0EA40FA-CA00-43B6-80DF-DFD2C1D77ECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8785A4E4-22A1-437C-9CBB-9B141938DF6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D9EF9762-78D4-4C99-B986-BDA9D8C334F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D161D58-6573-426B-9578-C2340280CB08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3148DF23-6EA1-4091-BFF0-14E33895B7B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD586CB-19F5-41A3-86A6-46986156DC5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC494B4-0A5A-4D55-B98B-D929394F7839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B17CB4-E8CE-4C3E-B0D1-86FCEBA2F339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3B4A8F-D0EF-4C50-AA0E-6507F1815595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AD471985-1D60-4E68-B862-7DCC18A76235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E92CA4-44AB-4A95-A8D5-57F9167E4549",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E7FC838D-6AA2-491C-9F1C-0B69141531CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "11DA6306-D261-459E-B311-7AD978E915A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5E6C75E3-6935-435F-989B-811C6D9846FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "BD68AC81-36CB-493D-AB17-4C753148C04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "1C6A1FD6-DAB8-4A19-A279-8DD721E9BF92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "0D78C91F-1763-40C0-906C-9DE90E8776C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "2B213484-1A35-4024-96B8-B5642E7FFF2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "AFA3F5E6-3C5C-436D-B131-AB9F328CFB28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2BA9B919-E977-4C76-8132-D5C72EE0ED80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8F75C2CF-95CC-4510-AD93-7ABF8F810DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "20837B84-D33F-49AE-A886-53683351746D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "CADB87EA-D745-4776-991D-EABFD7CFD149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "56394517-A9F0-4BEE-A185-0684BE30CF14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "2788A97E-E027-424B-85CF-4121CFC81671",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue."
},
{
"lang": "es",
"value": "lib/xymond_ipc.c en Xymon 4.1.x, 4.2.x y 4.3.x en versiones anteriores a 4.3.25 utiliza permisos d\u00e9biles (666) para una cola de mensajes IPC no especificada, lo que permite a usuarios locales inyectar mensajes arbitrarios escribiendo en esa cola."
}
],
"id": "CVE-2016-2057",
"lastModified": "2024-11-21T02:47:42.727",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-13T16:59:07.597",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3495"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://sourceforge.net/p/xymon/code/7891/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://sourceforge.net/p/xymon/code/7891/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-13 16:59
Modified
2024-11-21 02:47
Severity ?
Summary
xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xymon | xymon | 4.1.0 | |
| xymon | xymon | 4.1.1 | |
| xymon | xymon | 4.1.2 | |
| xymon | xymon | 4.1.2 | |
| xymon | xymon | 4.1.2 | |
| xymon | xymon | 4.2 | |
| xymon | xymon | 4.2 | |
| xymon | xymon | 4.2 | |
| xymon | xymon | 4.2.0 | |
| xymon | xymon | 4.2.2 | |
| xymon | xymon | 4.2.2 | |
| xymon | xymon | 4.2.3 | |
| xymon | xymon | 4.2.3 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.1 | |
| xymon | xymon | 4.3.2 | |
| xymon | xymon | 4.3.3 | |
| xymon | xymon | 4.3.4 | |
| xymon | xymon | 4.3.5 | |
| xymon | xymon | 4.3.6 | |
| xymon | xymon | 4.3.7 | |
| xymon | xymon | 4.3.8 | |
| xymon | xymon | 4.3.9 | |
| xymon | xymon | 4.3.10 | |
| xymon | xymon | 4.3.11 | |
| xymon | xymon | 4.3.12 | |
| xymon | xymon | 4.3.13 | |
| xymon | xymon | 4.3.14 | |
| xymon | xymon | 4.3.15 | |
| xymon | xymon | 4.3.16 | |
| xymon | xymon | 4.3.17 | |
| xymon | xymon | 4.3.18 | |
| xymon | xymon | 4.3.19 | |
| xymon | xymon | 4.3.19 | |
| xymon | xymon | 4.3.20 | |
| xymon | xymon | 4.3.21 | |
| xymon | xymon | 4.3.22 | |
| xymon | xymon | 4.3.23 | |
| xymon | xymon | 4.3.24 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFF9FA93-847A-4643-BB90-90AC31DE7C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7A7DED6-B90D-4A05-ACF1-510D16B2C1F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3EBFA2C-78A8-45BB-B6E2-F74595943813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "6A33AD76-55B7-42B4-997B-B4C595030AC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "DB9A6911-0622-4A71-8ADA-1BC162F12C96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2:alfa:*:*:*:*:*:*",
"matchCriteriaId": "DD605003-3DEC-44C3-9A61-9DAA3FFEF4EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2:beta20060605:*:*:*:*:*:*",
"matchCriteriaId": "6D967474-9D3D-4555-9C28-AD9F38D0F4B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2:rc20060712:*:*:*:*:*:*",
"matchCriteriaId": "B0623B70-5545-4D9E-80B2-F12363933152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8483753-07E0-476A-8D04-85905B50CEB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1071598C-C7CC-4704-A883-7FBAE94F3573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2EBC151E-A02F-409B-86E1-9B3F59966F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C4977F-2C44-4222-BD38-266127076A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "59DEEBE8-4A76-4DF8-8DD4-0446EA6CDDAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "699A4A57-0488-43A1-9BC9-68F69326CD65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E4BEDF60-02D7-4192-A3BE-6D35A6BAE886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8AE0300B-8514-409A-AA89-A591918855C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "2FD5FA1D-576F-4A4F-873B-8F47BD871374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EB113981-5BE0-4AAC-94E3-6A2C34A5E7E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0EA40FA-CA00-43B6-80DF-DFD2C1D77ECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8785A4E4-22A1-437C-9CBB-9B141938DF6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D9EF9762-78D4-4C99-B986-BDA9D8C334F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D161D58-6573-426B-9578-C2340280CB08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3148DF23-6EA1-4091-BFF0-14E33895B7B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD586CB-19F5-41A3-86A6-46986156DC5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC494B4-0A5A-4D55-B98B-D929394F7839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B17CB4-E8CE-4C3E-B0D1-86FCEBA2F339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3B4A8F-D0EF-4C50-AA0E-6507F1815595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AD471985-1D60-4E68-B862-7DCC18A76235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E92CA4-44AB-4A95-A8D5-57F9167E4549",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E7FC838D-6AA2-491C-9F1C-0B69141531CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "11DA6306-D261-459E-B311-7AD978E915A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5E6C75E3-6935-435F-989B-811C6D9846FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "BD68AC81-36CB-493D-AB17-4C753148C04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "1C6A1FD6-DAB8-4A19-A279-8DD721E9BF92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "0D78C91F-1763-40C0-906C-9DE90E8776C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "2B213484-1A35-4024-96B8-B5642E7FFF2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "AFA3F5E6-3C5C-436D-B131-AB9F328CFB28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2BA9B919-E977-4C76-8132-D5C72EE0ED80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8F75C2CF-95CC-4510-AD93-7ABF8F810DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "20837B84-D33F-49AE-A886-53683351746D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "CADB87EA-D745-4776-991D-EABFD7CFD149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "56394517-A9F0-4BEE-A185-0684BE30CF14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "2788A97E-E027-424B-85CF-4121CFC81671",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c."
},
{
"lang": "es",
"value": "xymond en Xymon 4.1.x, 4.2.x y 4.3.x en versiones anteriores a 4.3.25 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres shell en el argumento adduser_name en (1) web/useradm.c o (2) web/chpasswd.c."
}
],
"id": "CVE-2016-2056",
"lastModified": "2024-11-21T02:47:42.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-13T16:59:06.550",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/153620/Xymon-useradm-Command-Execution.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3495"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://sourceforge.net/p/xymon/code/7892/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/153620/Xymon-useradm-Command-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://sourceforge.net/p/xymon/code/7892/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-27 17:15
Modified
2024-11-21 04:24
Severity ?
Summary
In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET request that triggers an sprintf of the srcdb parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/csvinfo.c | Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/csvinfo.c | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xymon | xymon | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xymon:xymon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BA8FC24-A087-49B8-B96B-F843CD830399",
"versionEndIncluding": "4.3.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET request that triggers an sprintf of the srcdb parameter."
},
{
"lang": "es",
"value": "En Xymon a trav\u00e9s de 4.3.28, existe una vulnerabilidad de desbordamiento de b\u00fafer en el script CGI csvinfo. El desbordamiento se puede aprovechar enviando una solicitud GET creada que desencadena una sprintf del par\u00e1metro srcdb."
}
],
"id": "CVE-2019-13273",
"lastModified": "2024-11-21T04:24:35.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-27T17:15:10.303",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/csvinfo.c"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/csvinfo.c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-27 17:15
Modified
2024-11-21 04:24
Severity ?
Summary
In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/csvinfo.c | Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/csvinfo.c | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xymon | xymon | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xymon:xymon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BA8FC24-A087-49B8-B96B-F843CD830399",
"versionEndIncluding": "4.3.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter."
},
{
"lang": "es",
"value": "En Xymon a trav\u00e9s de 4.3.28, existe una vulnerabilidad XSS en el script CGI csvinfo debido a un filtrado insuficiente del par\u00e1metro db."
}
],
"id": "CVE-2019-13274",
"lastModified": "2024-11-21T04:24:36.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-27T17:15:10.367",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/csvinfo.c"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/csvinfo.c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-28 15:29
Modified
2024-11-21 02:25
Severity ?
Summary
Buffer overflow in xymon 4.3.17-1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/01/31/4 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/01/31/4 | Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.17-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E880225B-9250-4D39-A80B-4B6FA3C3B253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in xymon 4.3.17-1."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en xymon 4.3.17-1."
}
],
"id": "CVE-2015-1430",
"lastModified": "2024-11-21T02:25:24.683",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-28T15:29:01.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/31/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/31/4"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-27 17:15
Modified
2024-11-21 04:24
Severity ?
Summary
In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of expansion in svcstatus.c.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/svcstatus.c | Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.xymon.com/archive/2019-July/046570.html | Mailing List, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/svcstatus.c | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.xymon.com/archive/2019-July/046570.html | Mailing List, Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xymon | xymon | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xymon:xymon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BA8FC24-A087-49B8-B96B-F843CD830399",
"versionEndIncluding": "4.3.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of \u0026nbsp; expansion in svcstatus.c."
},
{
"lang": "es",
"value": "En Xymon a trav\u00e9s de 4.3.28, existe un desbordamiento de b\u00fafer stack-based en el componente del visor de registro de estado debido a \u00a0 expansi\u00f3n en svcstatus.c."
}
],
"id": "CVE-2019-13486",
"lastModified": "2024-11-21T04:24:59.937",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-27T17:15:10.773",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/svcstatus.c"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Release Notes",
"Vendor Advisory"
],
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/svcstatus.c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Release Notes",
"Vendor Advisory"
],
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-27 17:15
Modified
2024-11-21 04:24
Severity ?
Summary
In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/history.c | Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.xymon.com/archive/2019-July/046570.html | Mailing List, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/history.c | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.xymon.com/archive/2019-July/046570.html | Mailing List, Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xymon | xymon | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xymon:xymon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BA8FC24-A087-49B8-B96B-F843CD830399",
"versionEndIncluding": "4.3.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c."
},
{
"lang": "es",
"value": "En Xymon a trav\u00e9s de 4.3.28, existe una vulnerabilidad de desbordamiento de b\u00fafer en history.c."
}
],
"id": "CVE-2019-13451",
"lastModified": "2024-11-21T04:24:55.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-27T17:15:10.427",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/history.c"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Release Notes",
"Vendor Advisory"
],
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/history.c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Release Notes",
"Vendor Advisory"
],
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-13 16:59
Modified
2024-11-21 02:47
Severity ?
Summary
Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a "config" command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 8.0 | |
| xymon | xymon | 4.1.0 | |
| xymon | xymon | 4.1.1 | |
| xymon | xymon | 4.1.2 | |
| xymon | xymon | 4.1.2 | |
| xymon | xymon | 4.1.2 | |
| xymon | xymon | 4.2 | |
| xymon | xymon | 4.2 | |
| xymon | xymon | 4.2 | |
| xymon | xymon | 4.2.0 | |
| xymon | xymon | 4.2.2 | |
| xymon | xymon | 4.2.2 | |
| xymon | xymon | 4.2.3 | |
| xymon | xymon | 4.2.3 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.1 | |
| xymon | xymon | 4.3.2 | |
| xymon | xymon | 4.3.3 | |
| xymon | xymon | 4.3.4 | |
| xymon | xymon | 4.3.5 | |
| xymon | xymon | 4.3.6 | |
| xymon | xymon | 4.3.7 | |
| xymon | xymon | 4.3.8 | |
| xymon | xymon | 4.3.9 | |
| xymon | xymon | 4.3.10 | |
| xymon | xymon | 4.3.11 | |
| xymon | xymon | 4.3.12 | |
| xymon | xymon | 4.3.13 | |
| xymon | xymon | 4.3.14 | |
| xymon | xymon | 4.3.15 | |
| xymon | xymon | 4.3.16 | |
| xymon | xymon | 4.3.17 | |
| xymon | xymon | 4.3.18 | |
| xymon | xymon | 4.3.19 | |
| xymon | xymon | 4.3.19 | |
| xymon | xymon | 4.3.20 | |
| xymon | xymon | 4.3.21 | |
| xymon | xymon | 4.3.22 | |
| xymon | xymon | 4.3.23 | |
| xymon | xymon | 4.3.24 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFF9FA93-847A-4643-BB90-90AC31DE7C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7A7DED6-B90D-4A05-ACF1-510D16B2C1F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3EBFA2C-78A8-45BB-B6E2-F74595943813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "6A33AD76-55B7-42B4-997B-B4C595030AC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "DB9A6911-0622-4A71-8ADA-1BC162F12C96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2:alfa:*:*:*:*:*:*",
"matchCriteriaId": "DD605003-3DEC-44C3-9A61-9DAA3FFEF4EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2:beta20060605:*:*:*:*:*:*",
"matchCriteriaId": "6D967474-9D3D-4555-9C28-AD9F38D0F4B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2:rc20060712:*:*:*:*:*:*",
"matchCriteriaId": "B0623B70-5545-4D9E-80B2-F12363933152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8483753-07E0-476A-8D04-85905B50CEB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1071598C-C7CC-4704-A883-7FBAE94F3573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2EBC151E-A02F-409B-86E1-9B3F59966F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C4977F-2C44-4222-BD38-266127076A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "59DEEBE8-4A76-4DF8-8DD4-0446EA6CDDAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "699A4A57-0488-43A1-9BC9-68F69326CD65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E4BEDF60-02D7-4192-A3BE-6D35A6BAE886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8AE0300B-8514-409A-AA89-A591918855C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "2FD5FA1D-576F-4A4F-873B-8F47BD871374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EB113981-5BE0-4AAC-94E3-6A2C34A5E7E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0EA40FA-CA00-43B6-80DF-DFD2C1D77ECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8785A4E4-22A1-437C-9CBB-9B141938DF6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D9EF9762-78D4-4C99-B986-BDA9D8C334F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D161D58-6573-426B-9578-C2340280CB08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3148DF23-6EA1-4091-BFF0-14E33895B7B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD586CB-19F5-41A3-86A6-46986156DC5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC494B4-0A5A-4D55-B98B-D929394F7839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B17CB4-E8CE-4C3E-B0D1-86FCEBA2F339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3B4A8F-D0EF-4C50-AA0E-6507F1815595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AD471985-1D60-4E68-B862-7DCC18A76235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E92CA4-44AB-4A95-A8D5-57F9167E4549",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E7FC838D-6AA2-491C-9F1C-0B69141531CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "11DA6306-D261-459E-B311-7AD978E915A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5E6C75E3-6935-435F-989B-811C6D9846FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "BD68AC81-36CB-493D-AB17-4C753148C04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "1C6A1FD6-DAB8-4A19-A279-8DD721E9BF92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "0D78C91F-1763-40C0-906C-9DE90E8776C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "2B213484-1A35-4024-96B8-B5642E7FFF2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "AFA3F5E6-3C5C-436D-B131-AB9F328CFB28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2BA9B919-E977-4C76-8132-D5C72EE0ED80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8F75C2CF-95CC-4510-AD93-7ABF8F810DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "20837B84-D33F-49AE-A886-53683351746D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "CADB87EA-D745-4776-991D-EABFD7CFD149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "56394517-A9F0-4BEE-A185-0684BE30CF14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "2788A97E-E027-424B-85CF-4121CFC81671",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a \"config\" command."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de buffer en xymond/xymond.c en xymond en Xymon 4.1.x, 4.2.x y 4.3.x en versiones anteriores a 4.3.25 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (ca\u00edda de demonio) a trav\u00e9s de un nombre de archivo largo, implicando el manejo de un comando \"config\"."
}
],
"id": "CVE-2016-2054",
"lastModified": "2024-11-21T02:47:42.243",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-13T16:59:04.223",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.xymon.com/archive/2016-February/042986.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3495"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://sourceforge.net/p/xymon/code/7859/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://sourceforge.net/p/xymon/code/7860/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.xymon.com/archive/2016-February/042986.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://sourceforge.net/p/xymon/code/7859/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://sourceforge.net/p/xymon/code/7860/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-13 16:59
Modified
2024-11-21 02:47
Severity ?
Summary
xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xymon | xymon | 4.1.0 | |
| xymon | xymon | 4.1.1 | |
| xymon | xymon | 4.1.2 | |
| xymon | xymon | 4.1.2 | |
| xymon | xymon | 4.1.2 | |
| xymon | xymon | 4.2 | |
| xymon | xymon | 4.2 | |
| xymon | xymon | 4.2 | |
| xymon | xymon | 4.2.0 | |
| xymon | xymon | 4.2.2 | |
| xymon | xymon | 4.2.2 | |
| xymon | xymon | 4.2.3 | |
| xymon | xymon | 4.2.3 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.1 | |
| xymon | xymon | 4.3.2 | |
| xymon | xymon | 4.3.3 | |
| xymon | xymon | 4.3.4 | |
| xymon | xymon | 4.3.5 | |
| xymon | xymon | 4.3.6 | |
| xymon | xymon | 4.3.7 | |
| xymon | xymon | 4.3.8 | |
| xymon | xymon | 4.3.9 | |
| xymon | xymon | 4.3.10 | |
| xymon | xymon | 4.3.11 | |
| xymon | xymon | 4.3.12 | |
| xymon | xymon | 4.3.13 | |
| xymon | xymon | 4.3.14 | |
| xymon | xymon | 4.3.15 | |
| xymon | xymon | 4.3.16 | |
| xymon | xymon | 4.3.17 | |
| xymon | xymon | 4.3.18 | |
| xymon | xymon | 4.3.19 | |
| xymon | xymon | 4.3.19 | |
| xymon | xymon | 4.3.20 | |
| xymon | xymon | 4.3.21 | |
| xymon | xymon | 4.3.22 | |
| xymon | xymon | 4.3.23 | |
| xymon | xymon | 4.3.24 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFF9FA93-847A-4643-BB90-90AC31DE7C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7A7DED6-B90D-4A05-ACF1-510D16B2C1F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3EBFA2C-78A8-45BB-B6E2-F74595943813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "6A33AD76-55B7-42B4-997B-B4C595030AC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "DB9A6911-0622-4A71-8ADA-1BC162F12C96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2:alfa:*:*:*:*:*:*",
"matchCriteriaId": "DD605003-3DEC-44C3-9A61-9DAA3FFEF4EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2:beta20060605:*:*:*:*:*:*",
"matchCriteriaId": "6D967474-9D3D-4555-9C28-AD9F38D0F4B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2:rc20060712:*:*:*:*:*:*",
"matchCriteriaId": "B0623B70-5545-4D9E-80B2-F12363933152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8483753-07E0-476A-8D04-85905B50CEB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1071598C-C7CC-4704-A883-7FBAE94F3573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2EBC151E-A02F-409B-86E1-9B3F59966F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C4977F-2C44-4222-BD38-266127076A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "59DEEBE8-4A76-4DF8-8DD4-0446EA6CDDAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "699A4A57-0488-43A1-9BC9-68F69326CD65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E4BEDF60-02D7-4192-A3BE-6D35A6BAE886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8AE0300B-8514-409A-AA89-A591918855C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "2FD5FA1D-576F-4A4F-873B-8F47BD871374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EB113981-5BE0-4AAC-94E3-6A2C34A5E7E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0EA40FA-CA00-43B6-80DF-DFD2C1D77ECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8785A4E4-22A1-437C-9CBB-9B141938DF6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D9EF9762-78D4-4C99-B986-BDA9D8C334F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D161D58-6573-426B-9578-C2340280CB08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3148DF23-6EA1-4091-BFF0-14E33895B7B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD586CB-19F5-41A3-86A6-46986156DC5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC494B4-0A5A-4D55-B98B-D929394F7839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B17CB4-E8CE-4C3E-B0D1-86FCEBA2F339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3B4A8F-D0EF-4C50-AA0E-6507F1815595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AD471985-1D60-4E68-B862-7DCC18A76235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E92CA4-44AB-4A95-A8D5-57F9167E4549",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E7FC838D-6AA2-491C-9F1C-0B69141531CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "11DA6306-D261-459E-B311-7AD978E915A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5E6C75E3-6935-435F-989B-811C6D9846FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "BD68AC81-36CB-493D-AB17-4C753148C04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "1C6A1FD6-DAB8-4A19-A279-8DD721E9BF92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "0D78C91F-1763-40C0-906C-9DE90E8776C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "2B213484-1A35-4024-96B8-B5642E7FFF2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "AFA3F5E6-3C5C-436D-B131-AB9F328CFB28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2BA9B919-E977-4C76-8132-D5C72EE0ED80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8F75C2CF-95CC-4510-AD93-7ABF8F810DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "20837B84-D33F-49AE-A886-53683351746D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "CADB87EA-D745-4776-991D-EABFD7CFD149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "56394517-A9F0-4BEE-A185-0684BE30CF14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "2788A97E-E027-424B-85CF-4121CFC81671",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a \"config\" command."
},
{
"lang": "es",
"value": "xymond/xymond.c en xymond en Xymon 4.1.x, 4.2.x y 4.3.x en versiones anteriores a 4.3.25 permite a atacantes remotos leer archivos arbitrarios en el directorio de configuraci\u00f3n a trav\u00e9s de un comando \"config\"."
}
],
"id": "CVE-2016-2055",
"lastModified": "2024-11-21T02:47:42.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-13T16:59:05.440",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3495"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://sourceforge.net/p/xymon/code/7890/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://sourceforge.net/p/xymon/code/7890/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-13 16:59
Modified
2024-11-21 02:47
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the "detailed status" page, or (2) remote authenticated users to inject arbitrary web script or HTML via an acknowledgement message, which is not properly handled in the "status" page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 8.0 | |
| xymon | xymon | 4.1.0 | |
| xymon | xymon | 4.1.1 | |
| xymon | xymon | 4.1.2 | |
| xymon | xymon | 4.1.2 | |
| xymon | xymon | 4.1.2 | |
| xymon | xymon | 4.2 | |
| xymon | xymon | 4.2 | |
| xymon | xymon | 4.2 | |
| xymon | xymon | 4.2.0 | |
| xymon | xymon | 4.2.2 | |
| xymon | xymon | 4.2.2 | |
| xymon | xymon | 4.2.3 | |
| xymon | xymon | 4.2.3 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.0 | |
| xymon | xymon | 4.3.1 | |
| xymon | xymon | 4.3.2 | |
| xymon | xymon | 4.3.3 | |
| xymon | xymon | 4.3.4 | |
| xymon | xymon | 4.3.5 | |
| xymon | xymon | 4.3.6 | |
| xymon | xymon | 4.3.7 | |
| xymon | xymon | 4.3.8 | |
| xymon | xymon | 4.3.9 | |
| xymon | xymon | 4.3.10 | |
| xymon | xymon | 4.3.11 | |
| xymon | xymon | 4.3.12 | |
| xymon | xymon | 4.3.13 | |
| xymon | xymon | 4.3.14 | |
| xymon | xymon | 4.3.15 | |
| xymon | xymon | 4.3.16 | |
| xymon | xymon | 4.3.17 | |
| xymon | xymon | 4.3.18 | |
| xymon | xymon | 4.3.19 | |
| xymon | xymon | 4.3.19 | |
| xymon | xymon | 4.3.20 | |
| xymon | xymon | 4.3.21 | |
| xymon | xymon | 4.3.22 | |
| xymon | xymon | 4.3.23 | |
| xymon | xymon | 4.3.24 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFF9FA93-847A-4643-BB90-90AC31DE7C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7A7DED6-B90D-4A05-ACF1-510D16B2C1F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3EBFA2C-78A8-45BB-B6E2-F74595943813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "6A33AD76-55B7-42B4-997B-B4C595030AC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "DB9A6911-0622-4A71-8ADA-1BC162F12C96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2:alfa:*:*:*:*:*:*",
"matchCriteriaId": "DD605003-3DEC-44C3-9A61-9DAA3FFEF4EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2:beta20060605:*:*:*:*:*:*",
"matchCriteriaId": "6D967474-9D3D-4555-9C28-AD9F38D0F4B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2:rc20060712:*:*:*:*:*:*",
"matchCriteriaId": "B0623B70-5545-4D9E-80B2-F12363933152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8483753-07E0-476A-8D04-85905B50CEB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1071598C-C7CC-4704-A883-7FBAE94F3573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2EBC151E-A02F-409B-86E1-9B3F59966F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C4977F-2C44-4222-BD38-266127076A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "59DEEBE8-4A76-4DF8-8DD4-0446EA6CDDAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "699A4A57-0488-43A1-9BC9-68F69326CD65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E4BEDF60-02D7-4192-A3BE-6D35A6BAE886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8AE0300B-8514-409A-AA89-A591918855C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "2FD5FA1D-576F-4A4F-873B-8F47BD871374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EB113981-5BE0-4AAC-94E3-6A2C34A5E7E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0EA40FA-CA00-43B6-80DF-DFD2C1D77ECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8785A4E4-22A1-437C-9CBB-9B141938DF6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D9EF9762-78D4-4C99-B986-BDA9D8C334F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D161D58-6573-426B-9578-C2340280CB08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3148DF23-6EA1-4091-BFF0-14E33895B7B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD586CB-19F5-41A3-86A6-46986156DC5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC494B4-0A5A-4D55-B98B-D929394F7839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B17CB4-E8CE-4C3E-B0D1-86FCEBA2F339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3B4A8F-D0EF-4C50-AA0E-6507F1815595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AD471985-1D60-4E68-B862-7DCC18A76235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E92CA4-44AB-4A95-A8D5-57F9167E4549",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E7FC838D-6AA2-491C-9F1C-0B69141531CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "11DA6306-D261-459E-B311-7AD978E915A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5E6C75E3-6935-435F-989B-811C6D9846FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "BD68AC81-36CB-493D-AB17-4C753148C04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "1C6A1FD6-DAB8-4A19-A279-8DD721E9BF92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "0D78C91F-1763-40C0-906C-9DE90E8776C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "2B213484-1A35-4024-96B8-B5642E7FFF2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "AFA3F5E6-3C5C-436D-B131-AB9F328CFB28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2BA9B919-E977-4C76-8132-D5C72EE0ED80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8F75C2CF-95CC-4510-AD93-7ABF8F810DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "20837B84-D33F-49AE-A886-53683351746D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "CADB87EA-D745-4776-991D-EABFD7CFD149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "56394517-A9F0-4BEE-A185-0684BE30CF14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "2788A97E-E027-424B-85CF-4121CFC81671",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the \"detailed status\" page, or (2) remote authenticated users to inject arbitrary web script or HTML via an acknowledgement message, which is not properly handled in the \"status\" page."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en Xymon 4.1.x, 4.2.x y 4.3.x en versiones anteriores a 4.3.25 permiten a (1) clientes remotos Xymon inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un mensaje de estado, que no se maneja correctamente en la p\u00e1gina \"detailed status\", o (2) usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un mensaje de reconocimiento, que no se maneja correctamente en la p\u00e1gina \"status\"."
}
],
"id": "CVE-2016-2058",
"lastModified": "2024-11-21T02:47:42.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-13T16:59:08.787",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3495"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://sourceforge.net/p/xymon/code/7892/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://sourceforge.net/p/xymon/code/7892/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-27 17:15
Modified
2024-11-21 04:24
Severity ?
Summary
In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/reportlog.c | Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.xymon.com/archive/2019-July/046570.html | Mailing List, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/reportlog.c | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.xymon.com/archive/2019-July/046570.html | Mailing List, Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xymon | xymon | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xymon:xymon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BA8FC24-A087-49B8-B96B-F843CD830399",
"versionEndIncluding": "4.3.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c."
},
{
"lang": "es",
"value": "En Xymon a trav\u00e9s de 4.3.28, existe una vulnerabilidad de desbordamiento de b\u00fafer en reportlog.c."
}
],
"id": "CVE-2019-13452",
"lastModified": "2024-11-21T04:24:55.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-27T17:15:10.507",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/reportlog.c"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Release Notes",
"Vendor Advisory"
],
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/reportlog.c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Release Notes",
"Vendor Advisory"
],
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-27 17:15
Modified
2024-11-21 04:24
Severity ?
Summary
In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/history.c | Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html | Third Party Advisory | |
| cve@mitre.org | https://lists.xymon.com/archive/2019-July/046570.html | Mailing List, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/history.c | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.xymon.com/archive/2019-July/046570.html | Mailing List, Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xymon | xymon | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xymon:xymon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BA8FC24-A087-49B8-B96B-F843CD830399",
"versionEndIncluding": "4.3.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c."
},
{
"lang": "es",
"value": "En Xymon a trav\u00e9s de 4.3.28, existe una vulnerabilidad de desbordamiento de b\u00fafer stack-based en el componente del visor de historial a trav\u00e9s de un nombre de host largo o un par\u00e1metro de servicio en history.c."
}
],
"id": "CVE-2019-13485",
"lastModified": "2024-11-21T04:24:59.793",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-27T17:15:10.727",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/history.c"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Release Notes",
"Vendor Advisory"
],
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/history.c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Release Notes",
"Vendor Advisory"
],
"url": "https://lists.xymon.com/archive/2019-July/046570.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-11 22:55
Modified
2024-11-21 01:55
Severity ?
Summary
Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a "drophost" command.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xymon:xymon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75583A3D-A88B-4119-A66D-6FB79759C5D1",
"versionEndIncluding": "4.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D34E3D6A-8A6D-4C38-9695-3B4B68805206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9CA43BB-EB51-4DE2-BDBE-4AB36ABB45A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B777EA27-4EF3-43A4-B526-04B3D781B37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D529B6C-13F4-42E0-91A8-A453D1FB18DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D5FB831F-695C-4ACD-B9B6-91910CC38E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFF9FA93-847A-4643-BB90-90AC31DE7C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7A7DED6-B90D-4A05-ACF1-510D16B2C1F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3EBFA2C-78A8-45BB-B6E2-F74595943813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8483753-07E0-476A-8D04-85905B50CEB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1071598C-C7CC-4704-A883-7FBAE94F3573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C4977F-2C44-4222-BD38-266127076A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xymon:xymon:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "699A4A57-0488-43A1-9BC9-68F69326CD65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a \"drophost\" command."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en el demonio trend-data (xymond_rrd) en Xymon 4.x anterior a la versi\u00f3n 4.3.12 permite a atacantes remotos eliminar archivos arbitrarios a trav\u00e9s de .. (punto punto) en el nombre del host en un comando \"drophost\"."
}
],
"id": "CVE-2013-4173",
"lastModified": "2024-11-21T01:55:02.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-11T22:55:39.707",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/projects/xymon/files/Xymon/4.3.12/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:213"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/07/27/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/projects/xymon/files/Xymon/4.3.12/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/07/27/3"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}