Lucene search
K

195 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:44 a.m.11 views

CVE-2024-38862

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions 2.3.0p18, 2.2.0p35, 2.1.0p48 and =2.0.0p39 EOL causes SNMP and IMPI secrets of host and folder properties to be written to audit log files accessible to administrators...

5.1CVSS6.8AI score0.00322EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:44 a.m.8 views

CVE-2024-38863

Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions 2.3.0p18, 2.2.0p35 and 2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks...

7.5CVSS6.8AI score0.00411EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:26 a.m.9 views

CVE-2024-38858

Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view...

6.1CVSS6.8AI score0.00309EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 9:9 a.m.6 views

CVE-2024-5741

Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 EOL...

6.5CVSS6.1AI score0.00283EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:4 a.m.5 views

CVE-2024-6052

Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 EOL allows users to execute arbitrary scripts by injecting HTML elements...

6.5CVSS6.4AI score0.00389EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:41 a.m.16 views

CVE-2024-28833

Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms...

7.5CVSS7.1AI score0.00392EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:0 a.m.15 views

CVE-2024-6572

Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 EOL allows man-in-the-middle attackers to intercept traffic...

7.4CVSS6.8AI score0.00338EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:45 a.m.9 views

CVE-2024-28831

Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up...

5.4CVSS6.2AI score0.00343EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:35 a.m.16 views

CVE-2024-6542

Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk = 2.0.0p39, 2.1.0p47, 2.2.0p32 and 2.3.0p11 allows arbitrary livestatus command execution...

6.5CVSS7AI score0.00472EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:57 a.m.11 views

CVE-2023-6740

Privilege escalation in jarsignature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges...

8.8CVSS7.1AI score0.0018EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:34 a.m.13 views

CVE-2023-6156

Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk = 2.0.0p39, 2.1.0p37, and 2.2.0p15 allows arbitrary livestatus command execution for authorized users...

8.8CVSS7.2AI score0.00857EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:18 a.m.9 views

CVE-2023-23549

Improper Input Validation in Checkmk 2.2.0p15, 2.1.0p37, =2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames...

2.7CVSS6.6AI score0.00626EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:9 a.m.9 views

CVE-2022-24566

In Checkmk =2.0.0p19 fixed in 2.0.0p20 and Checkmk =1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting XSS...

5.4CVSS6.5AI score0.00563EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:21 a.m.12 views

CVE-2022-48319

Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk = 2.1.0p13, Checkmk = 2.0.0p29, and all versions of Checkmk 1.6.0 EOL allows an attacker to gain access to the host secret through the unprotected agent updater log file...

6.5CVSS7AI score0.00219EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:30 p.m.8 views

CVE-2022-24565

Checkmk =2.0.0p19 Fixed in 2.0.0p20 and Checkmk =1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting XSS vulnerability. The Alias of a site was not properly escaped when shown as condition for notifications...

5.4CVSS5.8AI score0.00622EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:12 p.m.11 views

CVE-2021-36563

The CheckMK management web console versions 1.5.0 to 2.0.0 does not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser such as JavaScript or other client-side scripts, the XSS...

5.4CVSS5.5AI score0.0172EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:19 p.m.10 views

CVE-2020-28919

A stored cross site scripting XSS vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title...

5.4CVSS5.2AI score0.01078EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:1 p.m.9 views

CVE-2020-24908

Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory...

7.8CVSS6.4AI score0.00301EPSS
Exploits0
Cvelist
Cvelist
added 2025/05/22 2:16 p.m.18 views

CVE-2025-32915 Sensitive data exposed during automatic agent updates

Packages downloaded by Checkmk's automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk 2.4.0p1, 2.3.0p32, 2.2.0p42 and = 2.1.0p49 EOL. This allows a local attacker to read sensitive data...

4.3CVSS0.0012EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/22 12:0 a.m.8 views

Checkmk 安全漏洞

Checkmk is an IT monitoring platform from Checkmk, Inc. A security vulnerability exists in Checkmk versions prior to 2.4.0p1, prior to 2.3.0p32, prior to 2.2.0p42, and 2.1.0p49 and earlier, which stems from improper permissions on the automated proxy update package and could lead to a local...

5.5CVSS6.1AI score0.0012EPSS
Exploits0References2
Rows per page
Query Builder