1445 matches found
CVE-2024-28832
Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 EOL allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings...
CVE-2024-28831
Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up...
CVE-2024-8606
Bypass of two factor authentication in RestAPI in Checkmk 2.3.0p16 and 2.2.0p34 allows authenticated users to bypass two factor authentication...
CVE-2024-47094
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions 2.3.0p22, 2.2.0p37, 2.1.0p50 EOL causes remote site secrets to be written to web log files accessible to local site users...
CVE-2024-6542
Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk = 2.0.0p39, 2.1.0p47, 2.2.0p32 and 2.3.0p11 allows arbitrary livestatus command execution...
CVE-2024-38861
Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in MitM position to intercept traffic. This issue affects MikroTik: from 2.0.0 through 2.5.5, from 0.4amk through 2.0a...
CVE-2024-38864
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk 2.3.0p23, 2.2.0p38 and = 2.1.0p49 EOL allows a local attacker to read sensitive data...
CVE-2023-0284
Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk = 2.1.0p19, Checkmk = 2.0.0p32, and all versions of Checkmk 1.6.0 EOL are affected...
CVE-2023-6740
Privilege escalation in jarsignature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges...
CVE-2023-31211
Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials...
CVE-2023-6156
Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk = 2.0.0p39, 2.1.0p37, and 2.2.0p15 allows arbitrary livestatus command execution for authorized users...
CVE-2023-31207
Transmission of credentials within query parameters in Checkmk = 2.1.0p26, = 2.0.0p35, and = 2.2.0b6 beta may cause the automation user's secret to be written to the site Apache access log...
CVE-2023-6735
Privilege escalation in mktsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges...
CVE-2023-23549
Improper Input Validation in Checkmk 2.2.0p15, 2.1.0p37, =2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames...
CVE-2023-23548
Reflected XSS in business intelligence in Checkmk 2.2.0p8, 2.1.0p32, 2.0.0p38, =1.6.0p30...
CVE-2023-22318
Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5...
CVE-2023-22307
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.4 allows local attacker to retrieve passwords via reading log files...
CVE-2023-22309
Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Appliance before 1.6.4...
CVE-2023-2020
Insufficient permission checks in the REST API in Tribe29 Checkmk = 2.1.0p27 and = 2.2.0b4 beta allow unauthorized users to schedule downtimes for any host...
CVE-2023-22359
User enumeration in Checkmk =2.2.0p4 allows an authenticated attacker to enumerate usernames...