Check Mk

check_mk

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-0243 1Check Mk Project 1Check Mk Nov 21, 2024 Jul 19, 2018 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job.
CVE-2017-11507 1Check Mk Project 1Check Mk May 13, 2026 Dec 11, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_form...Show more A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page.Show less
CVE-2017-9781 1Check Mk Project 1Check Mk May 13, 2026 Jun 21, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the _username parameter when attempti...Show more A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the _username parameter when attempting authentication to webapi.py, which is returned unencoded with content type text/html.Show less
CVE-2014-2332 1Check Mk Project 1Check Mk May 6, 2026 Aug 31, 2015 N/A· v4 N/A· v3 5.5 MEDIUM· v2 Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOTE: this can be exploi...Show more Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.Show less
CVE-2014-2331 1Check Mk Project 1Check Mk May 6, 2026 Aug 31, 2015 N/A· v4 N/A· v3 8.5 HIGH· v2 Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014...Show more Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.Show less
CVE-2014-2330 1Check Mk Project 1Check Mk May 6, 2026 Aug 31, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that (1) upload arbitrary snapshots, (2...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that (1) upload arbitrary snapshots, (2) delete arbitrary files, or possibly have other unspecified impact via unknown vectors.Show less
CVE-2014-2329 1Check Mk Project 1Check Mk May 6, 2026 Aug 31, 2015 N/A· v4 N/A· v3 3.5 LOW· v2 Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk age...Show more Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a monitored host, which is not properly handled by the logwatch module, or other unspecified vectors.Show less
CVE-2014-5340 1Check Mk Project 1Check Mk May 6, 2026 Sep 2, 2014 N/A· v4 N/A· v3 9.3 HIGH· v2 The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automa...Show more The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL.Show less
CVE-2014-5339 1Check Mk Project 1Check Mk May 6, 2026 Sep 2, 2014 N/A· v4 N/A· v3 4.9 MEDIUM· v2 Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write check_mk config files (.mk files) to arbitrary locations via vectors related to row selections.
CVE-2014-5338 1Check Mk Project 1Check Mk May 6, 2026 Aug 22, 2014 N/A· v4 N/A· v3 3.5 LOW· v2 Multiple cross-site scripting (XSS) vulnerabilities in the multisite component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified v...Show more Multiple cross-site scripting (XSS) vulnerabilities in the multisite component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) render_status_icons function in htmllib.py or (2) ajax_action function in actions.py.Show less