CVE-2019-13455
https://notcve.org/view.php?id=CVE-2019-13455
In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of expansion in acknowledge.c. • https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/acknowledge.c https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html https://lists.xymon.com/archive/2019-July/046570.html • CWE-787: Out-of-bounds Write
CVE-2019-13484
https://notcve.org/view.php?id=CVE-2019-13484
In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of expansion in appfeed.c. • https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/appfeed.c https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html https://lists.xymon.com/archive/2019-July/046570.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-13485
https://notcve.org/view.php?id=CVE-2019-13485
In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c. • https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/history.c https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html https://lists.xymon.com/archive/2019-July/046570.html • CWE-787: Out-of-bounds Write
CVE-2019-13486
https://notcve.org/view.php?id=CVE-2019-13486
In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of expansion in svcstatus.c. • https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/svcstatus.c https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html https://lists.xymon.com/archive/2019-July/046570.html • CWE-787: Out-of-bounds Write
CVE-2019-10092 – Apache Httpd mod_proxy - Error Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-10092
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. • https://www.exploit-db.com/exploits/47688 https://github.com/mbadanoiu/CVE-2019-10092 http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html http://www.openwall.com/lists/oss-security/2019/08/15/4 http://www.openwall.com/lists/oss-security/2020/08/08/1 http://www.openwall.com/lists/oss-security/2020/08/08/9 https://access.redhat.com/errata/RHSA-2019:4126 https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')