Filtered by vendor Checkmk
Subscribe
Total
84 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28833 | 1 Checkmk | 1 Checkmk | 2024-11-21 | N/A | 5.9 MEDIUM |
| Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms. | |||||
| CVE-2024-28828 | 1 Checkmk | 1 Checkmk | 2024-11-21 | N/A | 8.8 HIGH |
| Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site. | |||||
| CVE-2023-6740 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-11-21 | N/A | 8.8 HIGH |
| Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges | |||||
| CVE-2023-6735 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-11-21 | N/A | 8.8 HIGH |
| Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges | |||||
| CVE-2023-6251 | 1 Checkmk | 1 Checkmk | 2024-11-21 | N/A | 3.5 LOW |
| Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users. | |||||
| CVE-2023-6157 | 1 Checkmk | 1 Checkmk | 2024-11-21 | N/A | 7.6 HIGH |
| Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. | |||||
| CVE-2023-6156 | 1 Checkmk | 1 Checkmk | 2024-11-21 | N/A | 7.6 HIGH |
| Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. | |||||
| CVE-2023-31211 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-11-21 | N/A | 8.8 HIGH |
| Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials | |||||
| CVE-2023-31210 | 1 Checkmk | 1 Checkmk | 2024-11-21 | N/A | 8.8 HIGH |
| Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries | |||||
| CVE-2023-31209 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-11-21 | N/A | 8.8 HIGH |
| Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users. | |||||
| CVE-2023-31208 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-11-21 | N/A | 8.3 HIGH |
| Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users. | |||||
| CVE-2023-2020 | 1 Checkmk | 1 Checkmk | 2024-11-21 | N/A | 4.3 MEDIUM |
| Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host. | |||||
| CVE-2023-23549 | 1 Checkmk | 1 Checkmk | 2024-11-21 | N/A | 2.7 LOW |
| Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames. | |||||
| CVE-2023-23548 | 1 Checkmk | 1 Checkmk | 2024-11-21 | N/A | 5.4 MEDIUM |
| Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30. | |||||
| CVE-2023-22359 | 1 Checkmk | 1 Checkmk | 2024-11-21 | N/A | 4.3 MEDIUM |
| User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames. | |||||
| CVE-2023-22348 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. | |||||
| CVE-2023-22288 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-11-21 | N/A | 4.1 MEDIUM |
| HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails | |||||
| CVE-2023-1768 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-11-21 | N/A | 3.7 LOW |
| Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34, <= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations. | |||||
| CVE-2023-0284 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-11-21 | N/A | 6.8 MEDIUM |
| Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk <= 2.1.0p19, Checkmk <= 2.0.0p32, and all versions of Checkmk 1.6.0 (EOL) are affected. | |||||
| CVE-2022-4884 | 1 Checkmk | 1 Checkmk | 2024-11-21 | N/A | 3.5 LOW |
| Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <= 2.1.0p18 allows an administrator to write mkp files to arbitrary locations via a malicious mkp file. | |||||