Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
check mk project vulnerabilities and exploits
(subscribe to this query)
187
VMScore
CVE-2014-0243
Check_MK up to and including 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job.
Check Mk Project Check Mk 1.2.5
Check Mk Project Check Mk
383
VMScore
CVE-2017-11507
A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x before 1.2.8p25 and 1.4.0x before 1.4.0p9, allowing an unauthenticated malicious user to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP ba...
Check Mk Project Check Mk 1.4.0
Check Mk Project Check Mk 1.2.8
605
VMScore
CVE-2014-2330
Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK prior to 1.2.5i2 allow remote malicious users to hijack the authentication of users for requests that (1) upload arbitrary snapshots, (2) delete arbitrary files, or possibly have other uns...
Check Mk Project Check Mk
756
VMScore
CVE-2014-2331
Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.
Check Mk Project Check Mk
490
VMScore
CVE-2014-2332
Check_MK prior to 1.2.2p3 and 1.2.3x prior to 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOTE: this can be exploited by remote attackers by leveraging CVE-2014...
Check Mk Project Check Mk
312
VMScore
CVE-2014-2329
Multiple cross-site scripting (XSS) vulnerabilities in Check_MK prior to 1.2.2p3 and 1.2.3x prior to 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a monitored host, which is ...
Check Mk Project Check Mk
383
VMScore
CVE-2017-9781
A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x before 1.4.0p6, allowing an unauthenticated remote malicious user to inject arbitrary HTML or JavaScript via the _username parameter when attempting authentication to webapi.py, which is returned unenco...
Check Mk Project Check Mk 1.4.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started