Lucene search
Check Mk Project / Check Mk

10 matches found

CVE
added 2015/08/31 6:0 p.m., 76 views

CVE-2014-2332

CVE-2014-2332 affects Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5. The issue, tied to insecure direct object references, allows remote authenticated users to delete arbitrary files via a request to an unspecified link. The related advisory notes that exploitation can be facilitated by CVE-2...

CVSS 5.5, AI score 5.1, EPSS 0.01433

CVE
added 2015/08/31 6:0 p.m., 72 views

CVE-2014-2329

Check_MK is affected in versions before 1.2.2p3 and 1.2.3x before 1.2.3i5 by multiple cross-site scripting (XSS) vulnerabilities due to improper validation of user input. An authenticated remote attacker can inject arbitrary script via the (1) agent string for a check_mk agent, (2) a crafted requ...

CVSS 3.5, AI score 5.1, EPSS 0.01126

CVE
added 2014/09/02 2:0 p.m., 72 views

CVE-2014-5340

CVE-2014-5340 affects Check_MK via the wato component. The underlying issue is the unsafe use of Python’s pickle API in wato, allowing a remote attacker to execute arbitrary code by sending a crafted serialized object, tied to the automation URL. Affected versions noted in sources include Check_M...

CVSS 9.3, AI score 7.4, EPSS 0.06138

CVE
added 2015/08/31 6:0 p.m., 66 views

CVE-2014-2330

CVE-2014-2330 corresponds to multiple CSRF flaws in the Check_MK Multisite GUI prior to version 1.2.5i2. The issue allows remote attackers to perform authenticated actions on behalf of users, including uploading arbitrary snapshots and deleting arbitrary files, via unknown vectors. Affected produ...

CVSS 6.8, AI score 6.3, EPSS 0.01143

CVE
added 2018/07/19 5:0 p.m., 65 views

CVE-2014-0243

CVE-2014-0243 affects Check_MK through 1.2.5i2p1. Local attackers can read arbitrary files by exploiting a symlink in /var/lib/check_mk_agent/job leading to a file disclosure. The connected Nessus data indicates affected Linux builds (e.g., 1.2.3i pre-1.2.5i3) and references a mitigation path: up...

CVSS 5.5, AI score 5.1, EPSS 0.00594

CVE
added 2017/12/11 4:0 p.m., 63 views

CVE-2017-11507

CVE-2017-11507 affects Check_MK. Vulnerable components: Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9. Root cause: cross-site scripting (XSS) via the output_format parameter and the username of failed HTTP Basic authentication attempts, with the injected HTML/JavaSc...

CVSS 6.1, AI score 6.1, EPSS 0.01029

CVE
added 2015/08/31 6:0 p.m., 62 views

CVE-2014-2331

CVE-2014-2331 affects Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5. Remote authenticated users can execute arbitrary Python code via a crafted rules.mk file in a snapshot. The vulnerability is linked to CVE-2014-2330 (CSRF), indicating a broader chain of issues in the Multisite GUI. No details on root ...

CVSS 8.5, AI score 5.6, EPSS 0.02068

CVE
added 2014/08/22 2:0 p.m., 62 views

CVE-2014-5338

CVE-2014-5338 affects Check_MK 1.2.4 (<1.2.4p4) and 1.2.5 (

CVSS 3.5, AI score 5.1, EPSS 0.01731

CVE
added 2014/09/02 2:0 p.m., 62 views

CVE-2014-5339

CVE-2014-5339 affects Check_MK 1.2.4p4 and 1.2.5i4 and prior, where an authenticated remote attacker could abuse row selections to write Check_MK configuration files (.mk) to arbitrary filesystem locations due to an insecure handling path. Affected products/versions in public advisories align wit...

CVSS 4.9, AI score 6.2, EPSS 0.01785

CVE
added 2017/06/21 6:0 p.m., 57 views

CVE-2017-9781

CVE-2017-9781 affects Checkmk; an unauthenticated attacker could trigger cross-site scripting by supplying crafted input to the _username parameter during authentication to webapi.py, with the vulnerable behavior returning unencoded HTML. The cited advisories (USN-5527-1/2 and OSV-USN entries) de...

CVSS 6.1, AI score 6, EPSS 0.01559