Page 2 of 29 results (0.006 seconds)

CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0

Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic La verificación incorrecta de la clave del host en la verificación activa 'Check SFTP Service' y el agente especial 'VNX quotas and filesystem' en Checkmk anterior a Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 y 2.0.0 (EOL) permite a los atacantes intermediarios interceptar el tráfico • https://checkmk.com/werk/17148 • CWE-322: Key Exchange without Entity Authentication •

CVSS: 2.3EPSS: 0%CPEs: 1EXPL: 0

Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view. • https://checkmk.com/werk/17232 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0

XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users. • https://checkmk.com/werk/17026 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 5.2EPSS: 0%CPEs: 4EXPL: 0

Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges. La violación de privilegios mínimos y la dependencia de entradas no confiables en el complemento del agente Checkmk mk_informix anterior a Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 y 2.0.0 (EOL) permite que los usuarios locales escalen privilegios. • https://checkmk.com/werk/16249 • CWE-272: Least Privilege Violation CWE-807: Reliance on Untrusted Inputs in a Security Decision •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution. La neutralización incorrecta de los delimitadores de comandos de estado de vida en mknotifyd en Checkmk &lt;= 2.0.0p39, &lt; 2.1.0p47, &lt; 2.2.0p32 y &lt; 2.3.0p11 permite la ejecución arbitraria de comandos de estado de vida. • https://checkmk.com/werk/17013 • CWE-140: Improper Neutralization of Delimiters •