Filtered by vendor Checkmk
Subscriptions
Filtered by product Checkmk
Subscriptions
Total
56 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6542 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 6.5 Medium |
| Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution. | ||||
| CVE-2024-6163 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 5.3 Medium |
| Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data | ||||
| CVE-2024-6052 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 6.5 Medium |
| Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements | ||||
| CVE-2024-5741 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 6.5 Medium |
| Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL) | ||||
| CVE-2024-28833 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 5.9 Medium |
| Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms. | ||||
| CVE-2024-28828 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 8.8 High |
| Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site. | ||||
| CVE-2024-28827 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 8.8 High |
| Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges. | ||||
| CVE-2024-28826 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 8.8 High |
| Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server. | ||||
| CVE-2024-28825 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 5.9 Medium |
| Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing. | ||||
| CVE-2024-0638 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 8.2 High |
| Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges. | ||||
| CVE-2023-6740 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-11-21 | 8.8 High |
| Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges | ||||
| CVE-2023-6735 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-11-21 | 8.8 High |
| Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges | ||||
| CVE-2023-6251 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 3.5 Low |
| Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users. | ||||
| CVE-2023-6157 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 7.6 High |
| Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. | ||||
| CVE-2023-6156 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 7.6 High |
| Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. | ||||
| CVE-2023-31211 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-11-21 | 8.8 High |
| Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials | ||||
| CVE-2023-31210 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 8.8 High |
| Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries | ||||
| CVE-2023-31209 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-11-21 | 8.8 High |
| Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users. | ||||
| CVE-2023-31208 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-11-21 | 8.3 High |
| Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users. | ||||
| CVE-2023-31207 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 4.4 Medium |
| Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log. | ||||