) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:check_mk_project:check_mk:1.2.5:i3:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2014-0243 |
Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job. Published: July 19, 2018; 1:29:00 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
| CVE-2014-5340 |
The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL. Published: September 02, 2014; 10:55:03 AM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
| CVE-2014-5339 |
Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write check_mk config files (.mk files) to arbitrary locations via vectors related to row selections. Published: September 02, 2014; 10:55:03 AM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
| CVE-2014-5338 |
Multiple cross-site scripting (XSS) vulnerabilities in the multisite component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) render_status_icons function in htmllib.py or (2) ajax_action function in actions.py. Published: August 22, 2014; 10:55:09 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |