Search CVE reports
91 – 100 of 109 results
CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML...
1 affected package
check-mk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| check-mk | — | Not in release | Not in release | Fixed |
The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved....
1 affected package
check-mk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| check-mk | — | Not in release | Not in release | Ignored |
In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS).
1 affected package
check-mk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| check-mk | — | — | — | Not affected |
Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as condition for notifications.
1 affected package
check-mk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| check-mk | — | Not in release | Not in release | Fixed |
Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered for editing a user.
1 affected package
check-mk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| check-mk | — | Not in release | Not in release | Not affected |
A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title.
1 affected package
check-mk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| check-mk | — | — | — | Not affected |
The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on the device with HTML content and interpreted by the...
1 affected package
check-mk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| check-mk | — | Not in release | Not in release | Fixed |
Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory.
1 affected package
check-mk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| check-mk | — | Not in release | Not in release | Not affected |
Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job.
1 affected package
check-mk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| check-mk | — | — | — | Not affected |
A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format...
1 affected package
check-mk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| check-mk | Not in release | Not in release | Not in release | Vulnerable |