Check Mk Project

Check Mk

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2014-0243

Exploit
  • EPSS 0.05%
  • Veröffentlicht 19.07.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 02:01:44

Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job.

6.1

CVE-2017-11507

Exploit
  • EPSS 0.35%
  • Veröffentlicht 11.12.2017 16:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username...

6.1

CVE-2017-9781

Exploit
  • EPSS 0.4%
  • Veröffentlicht 21.06.2017 18:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the _username parameter when attempting authentication to webapi.py...

5.5

CVE-2014-2332

  • EPSS 0.53%
  • Veröffentlicht 31.08.2015 18:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOTE: this can be exploited by remote attackers by lev...

8.5

CVE-2014-2331

  • EPSS 0.81%
  • Veröffentlicht 31.08.2015 18:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.

6.8

CVE-2014-2330

  • EPSS 0.17%
  • Veröffentlicht 31.08.2015 18:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that (1) upload arbitrary snapshots, (2) delete arbitrary files, or p...

3.5

CVE-2014-2329

  • EPSS 0.16%
  • Veröffentlicht 31.08.2015 18:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a...

4.9

CVE-2014-5339

  • EPSS 0.53%
  • Veröffentlicht 02.09.2014 14:55:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write check_mk config files (.mk files) to arbitrary locations via vectors related to row selections.

9.3

CVE-2014-5340

  • EPSS 2.96%
  • Veröffentlicht 02.09.2014 14:55:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL.

3.5

CVE-2014-5338

  • EPSS 0.29%
  • Veröffentlicht 22.08.2014 14:55:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in the multisite component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) render_statu...