VYPR

Check Mk

by Check Mk Project

CVEs (11)

  • CVE-2017-14955MedOct 2, 2017
    risk 0.42cvss 5.9epss 0.12

    Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.

  • CVE-2017-11507MedDec 11, 2017
    risk 0.40cvss 6.1epss 0.01

    A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP…

  • CVE-2017-9781MedJun 21, 2017
    risk 0.40cvss 6.1epss 0.02

    A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the _username parameter when attempting authentication to webapi.py, which is returned unencoded…

  • CVE-2014-0243MedJul 19, 2018
    risk 0.36cvss 5.5epss 0.01

    Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job.

  • CVE-2014-2332Aug 31, 2015
    risk 0.00cvss epss 0.01

    Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.

  • CVE-2014-2331Aug 31, 2015
    risk 0.00cvss epss 0.02

    Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.

  • CVE-2014-2330Aug 31, 2015
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that (1) upload arbitrary snapshots, (2) delete arbitrary files, or possibly have other…

  • CVE-2014-2329Aug 31, 2015
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a monitored host, which is not…

  • CVE-2014-5340Sep 2, 2014
    risk 0.00cvss epss 0.06

    The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL.

  • CVE-2014-5339Sep 2, 2014
    risk 0.00cvss epss 0.02

    Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write check_mk config files (.mk files) to arbitrary locations via vectors related to row selections.

  • CVE-2014-5338Aug 22, 2014
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the multisite component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) render_status_icons function in…