9 matches found
Ubuntu 16.04 ESM : Checkmk vulnerabilities (USN-5527-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5527-2 advisory. USN-5527-1 fixed vulnerabilities in Checkmk. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the preceding...
Ubuntu: Security Advisory (USN-5527-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-5527-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5527-2: Checkmk vulnerabilities
USN-5527-1 fixed vulnerabilities in Checkmk. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Checkmk incorrectly handled authentication. An attacker could possibly use this issue to cause a race condition leading to information...
USN-5527-1: Checkmk vulnerabilities
It was discovered that Checkmk incorrectly handled authentication. An attacker could possibly use this issue to cause a race condition leading to information disclosure. CVE-2017-14955 It was discovered that Checkmk incorrectly handled certain inputs. An attacker could use these cross-site...
Ubuntu 18.04 LTS : Checkmk vulnerabilities (USN-5527-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5527-1 advisory. It was discovered that Checkmk incorrectly handled authentication. An attacker could possibly use this issue to cause a race condition leading to...
Check_MK < 1.4.0p6 webapi.py XSS
The version of CheckMK running on the remote web server is prior to 1.4.0p6. It is, therefore, affected by a reflected cross-site XSS scripting vulnerability in webapi.py due to error messages being interpreted as HTML when they should be plain text. An unauthenticated, remote attacker can exploi...
CVE-2017-9781
A cross site scripting XSS vulnerability exists in CheckMK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the username parameter when attempting authentication to webapi.py, which is returned unencoded with content type...
CVE-2017-9781
CVE-2017-9781 affects Checkmk; an unauthenticated attacker could trigger cross-site scripting by supplying crafted input to the _username parameter during authentication to webapi.py, with the vulnerable behavior returning unencoded HTML. The cited advisories (USN-5527-1/2 and OSV-USN entries) de...