Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
check mk vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2014-0243
Check_MK up to and including 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job.
Check Mk Project Check Mk 1.2.5
Check Mk Project Check Mk
4.3
CVSSv2
CVE-2017-11507
A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x before 1.2.8p25 and 1.4.0x before 1.4.0p9, allowing an unauthenticated malicious user to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP ba...
Check Mk Project Check Mk 1.4.0
Check Mk Project Check Mk 1.2.8
3.5
CVSSv2
CVE-2014-2329
Multiple cross-site scripting (XSS) vulnerabilities in Check_MK prior to 1.2.2p3 and 1.2.3x prior to 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a monitored host, which is ...
Check Mk Project Check Mk
6.8
CVSSv2
CVE-2014-2330
Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK prior to 1.2.5i2 allow remote malicious users to hijack the authentication of users for requests that (1) upload arbitrary snapshots, (2) delete arbitrary files, or possibly have other uns...
Check Mk Project Check Mk
8.5
CVSSv2
CVE-2014-2331
Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.
Check Mk Project Check Mk
5.5
CVSSv2
CVE-2014-2332
Check_MK prior to 1.2.2p3 and 1.2.3x prior to 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOTE: this can be exploited by remote attackers by leveraging CVE-2014...
Check Mk Project Check Mk
4.3
CVSSv2
CVE-2017-9781
A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x before 1.4.0p6, allowing an unauthenticated remote malicious user to inject arbitrary HTML or JavaScript via the _username parameter when attempting authentication to webapi.py, which is returned unenco...
Check Mk Project Check Mk 1.4.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started