Filtered by vendor Checkmk
Subscriptions
Total
75 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38859 | 1 Checkmk | 1 Checkmk | 2024-12-03 | 6.1 Medium |
| XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users. | ||||
| CVE-2024-38862 | 1 Checkmk | 1 Checkmk | 2024-12-03 | 4.4 Medium |
| Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IMPI secrets of host and folder properties to be written to audit log files accessible to administrators. | ||||
| CVE-2024-38863 | 1 Checkmk | 1 Checkmk | 2024-12-03 | 7.5 High |
| Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks. | ||||
| CVE-2023-31210 | 1 Checkmk | 1 Checkmk | 2024-12-02 | 8.8 High |
| Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries | ||||
| CVE-2024-6542 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 6.5 Medium |
| Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution. | ||||
| CVE-2024-6163 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 5.3 Medium |
| Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data | ||||
| CVE-2024-6052 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 6.5 Medium |
| Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements | ||||
| CVE-2024-5741 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 6.5 Medium |
| Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL) | ||||
| CVE-2024-28833 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 5.9 Medium |
| Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms. | ||||
| CVE-2024-28828 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 8.8 High |
| Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site. | ||||
| CVE-2023-6251 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 3.5 Low |
| Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users. | ||||
| CVE-2023-6157 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 7.6 High |
| Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. | ||||
| CVE-2023-6156 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 7.6 High |
| Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. | ||||
| CVE-2023-31209 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-11-21 | 8.8 High |
| Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users. | ||||
| CVE-2023-23549 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 2.7 Low |
| Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames. | ||||
| CVE-2023-23548 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 5.4 Medium |
| Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30. | ||||
| CVE-2023-22359 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 4.3 Medium |
| User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames. | ||||
| CVE-2022-48321 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 6.8 Medium |
| Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API. | ||||
| CVE-2022-47909 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 6.8 Medium |
| Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost. | ||||
| CVE-2022-46836 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 9.1 Critical |
| PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component. | ||||