Lucene search
K

101 matches found

OSV
OSV
added 2014/09/02 2:55 p.m.10 views

UBUNTU-CVE-2014-5339

CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write checkmk config files .mk files to arbitrary locations via vectors related to row selections...

4.9CVSS5.9AI score0.01785EPSS
Exploits0References3
CVE
CVE
added 2014/09/02 2:0 p.m.72 views

CVE-2014-5340

CVE-2014-5340 affects Check_MK via the wato component. The underlying issue is the unsafe use of Python’s pickle API in wato, allowing a remote attacker to execute arbitrary code by sending a crafted serialized object, tied to the automation URL. Affected versions noted in sources include Check_M...

9.3CVSS7.4AI score0.06138EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2014/09/02 2:0 p.m.28 views

CVE-2014-5340

The wato component in CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL...

7.3AI score0.06138EPSS
Exploits0References4
CVE
CVE
added 2014/09/02 2:0 p.m.62 views

CVE-2014-5339

CVE-2014-5339 affects Check_MK 1.2.4p4 and 1.2.5i4 and prior, where an authenticated remote attacker could abuse row selections to write Check_MK configuration files (.mk) to arbitrary filesystem locations due to an insecure handling path. Affected products/versions in public advisories align wit...

4.9CVSS6.2AI score0.01785EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2014/09/02 2:0 p.m.25 views

CVE-2014-5339

CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write checkmk config files .mk files to arbitrary locations via vectors related to row selections...

6.2AI score0.01785EPSS
Exploits0References4
securityvulns
securityvulns
added 2014/08/26 12:0 a.m.72 views

Deutsche Telekom CERT Advisory [DTC-A-20140820-001] check_mk vulnerabilities

Deutsche Telekom CERT Advisory DTC-A-20140820-001 Summary: Several vulnerabilities were found in checkmk prior versions 1.2.4p4 and 1.2.5i4. The vulnerabilities are: 1 - Reflected Cross-Site Scripting XSS 2 - write access to config files .mk files 3 - arbitrary code execution Recommendations:...

9.3CVSS6.5AI score0.06138EPSS
Exploits0
NVD
NVD
added 2014/08/22 2:55 p.m.15 views

CVE-2014-5338

Multiple cross-site scripting XSS vulnerabilities in the multisite component in CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the 1 renderstatusicons function in htmllib.py or 2 ajaxaction functio...

3.5CVSS5.2AI score0.01731EPSS
Exploits0References6
Prion
Prion
added 2014/08/22 2:55 p.m.21 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the multisite component in CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the 1 renderstatusicons function in htmllib.py or 2 ajaxaction functio...

3.5CVSS5.5AI score0.01731EPSS
Exploits0References6Affected Software1
UbuntuCve
UbuntuCve
added 2014/08/22 2:55 p.m.34 views

CVE-2014-5338

Multiple cross-site scripting XSS vulnerabilities in the multisite component in CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the 1 renderstatusicons function in htmllib.py or 2 ajaxaction functio...

3.5CVSS5.9AI score0.01731EPSS
Exploits0References4
Cvelist
Cvelist
added 2014/08/22 2:0 p.m.23 views

CVE-2014-5338

Multiple cross-site scripting XSS vulnerabilities in the multisite component in CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the 1 renderstatusicons function in htmllib.py or 2 ajaxaction functio...

5.2AI score0.01731EPSS
Exploits0References6
CVE
CVE
added 2014/08/22 2:0 p.m.63 views

CVE-2014-5338

CVE-2014-5338 affects Check_MK 1.2.4 (<1.2.4p4) and 1.2.5 (

3.5CVSS5.1AI score0.01731EPSS
Exploits0References6Affected Software1
securityvulns
securityvulns
added 2014/05/29 12:0 a.m.67 views

LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 === LSE Leading Security Experts GmbH - Security Advisory LSE-2014-05-21 === CheckMK - Arbitrary File Disclosure Vulnerability - -------------------------------------------------- Affected Versions ================= Linux versions of CheckMK equal or...

5.4AI score0.00594EPSS
Exploits2
securityvulns
securityvulns
added 2014/05/29 12:0 a.m.35 views

check_mk symbolic links vulnerability

Symbolic links are not checked during files operation...

1.9AI score0.00594EPSS
Exploits2References1Affected Software1
Packet Storm
Packet Storm
added 2014/05/29 12:0 a.m.88 views

Check_MK Arbitrary File Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 === LSE Leading Security Experts GmbH - Security Advisory LSE-2014-05-21 === CheckMK - Arbitrary File Disclosure Vulnerability - -------------------------------------------------- Affected Versions ================= Linux versions of CheckMK equal or...

5.5AI score0.00594EPSS
Exploits2
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.149 views

Deutsche Telekom CERT Advisory [DTC-A-20140324-002] update140328 - vulnerabilities in check_mk

Deutsche Telekom CERT Advisory DTC-A-20140324-002 update140328 Summary: Several vulnerabilities were found in checkmk version 1.2.2p2. Update to original advisory: Corrected: vulnerability 5 and 6 not 4 and 5 are currently not fixed. The vulnerabilities are: 1 - Reflected Cross-Site Scripting XSS...

8.5CVSS0.1AI score0.02068EPSS
Exploits4
seebug.org
seebug.org
added 2014/03/27 12:0 a.m.41 views

Check_MK任意文件上传漏洞(CVE-2014-2331)

BUGTRAQ ID:66394 CVE ID:CVE-2014-2331 CheckMK是一款通用的Nagios/Icinga数据采集插件。 CheckMK 1.2.2p2及其他版本在实现上存在任意文件上传漏洞,成功利用后可使远程攻击者向受影响系统上传任意文件。 0 mathias-kettner checkmk 1.2.2p2 目前厂商还没有提供补丁或者升级程序: http://mathias-kettner.de...

8.5CVSS6.5AI score0.02068EPSS
Exploits1
seebug.org
seebug.org
added 2014/03/27 12:0 a.m.32 views

Check_MK跨站请求伪造漏洞(CVE-2014-2330)

BUGTRAQ ID:66389 CVE ID:CVE-2014-2330 CheckMK是一款通用的Nagios/Icinga数据采集插件。 CheckMK 1.2.2p2及其他版本在实现上存在跨站请求伪造漏洞,成功利用后可使远程攻击者在受影响浏览器上下文中执行未授权操作。 0 mathias-kettner checkmk 1.2.2p2 目前厂商还没有提供补丁或者升级程序: http://mathias-kettner.de...

6.8CVSS5.4AI score0.01143EPSS
Exploits1
seebug.org
seebug.org
added 2014/03/26 12:0 a.m.33 views

Check_MK 多个HTML注入和跨站脚本漏洞(CVE-2014-2329)

BUGTRAQ ID:66391 CVE ID:CVE-2014-2329 CheckMK是一款通用的Nagios/Icinga数据采集插件。 CheckMK 1.2.2p2及其他版本在实现上存在多个HTML注入漏洞和跨站脚本漏洞,成功利用后可使远程攻击者在受影响浏览器上下文中运行上传的HTML和脚本代码。 0 mathias-kettner checkmk 1.2.2p2 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://mathias-kettner.de...

3.5CVSS5.8AI score0.01126EPSS
Exploits1
seebug.org
seebug.org
added 2014/03/26 12:0 a.m.36 views

Check_MK 任意文件删除漏洞(CVE-2014-2332)

BUGTRAQ ID:66396 CVE ID:CVE-2014-2332 CheckMK是一款通用的Nagios/Icinga数据采集插件。 CheckMK 1.2.2p2及其他版本在实现上存在任意文件删除漏洞,成功利用后可使远程攻击者删除受影响应用上下文内的任意文件。 0 mathias-kettner checkmk 1.2.2p2 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://mathias-kettner.de...

5.5CVSS6.5AI score0.01433EPSS
Exploits1
Fedora
Fedora
added 2013/07/16 1:38 a.m.28 views

[SECURITY] Fedora 19 Update: nagstamon-0.9.9-9.fc19

Nagstamon is a Nagios status monitor which takes place in system tray or on desktop GNOME, KDE, Windows as floating status bar to inform you in real-time about the status of your Nagios and derivatives monitored network. It allows to connect to multiple Nagios, Icinga, Opsview, Op5,...

5CVSS3.8AI score0.024EPSS
Exploits0
Rows per page
Query Builder