195 matches found
CVE-2025-1712
Argument injection in special agent configuration in Checkmk 2.4.0p1, 2.3.0p32, 2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files...
CVE-2025-1712 Arbitrary file write with vcrtrace
Argument injection in special agent configuration in Checkmk 2.4.0p1, 2.3.0p32, 2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files...
CVE-2025-1712 Arbitrary file write with vcrtrace
Argument injection in special agent configuration in Checkmk 2.4.0p1, 2.3.0p32, 2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files...
CVE-2025-32917
Privilege escalation in jarsignature agent plugin in Checkmk versions 2.4.0b7 beta, 2.3.0p32, 2.2.0p42, and 2.1.0p49 EOL allow user with write access to JAVAHOME/bin directory to escalate privileges...
CVE-2025-32917
Privilege escalation in jarsignature agent plugin in Checkmk versions 2.4.0b7 beta, 2.3.0p32, 2.2.0p42, and 2.1.0p49 EOL allow user with write access to JAVAHOME/bin directory to escalate privileges...
PT-2025-20885 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.4.0b7 beta Checkmk versions prior to 2.3.0p32 Checkmk versions prior to 2.2.0p42 Checkmk version 2.1.0p49 Description: The issue allows a user with write access to the JAVA HOME/bin directory to escalate privileges...
CVE-2025-2092
Checkmk CVE-2025-2092 affects Checkmk versions <2.3.0p29, <2.2.0p41 and
CVE-2024-38865
Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 EOL allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for ...
CVE-2024-38865
Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 EOL allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for ...
CVE-2025-2596
Session logout could be overwritten in Checkmk GmbH's Checkmk versions 2.3.0p30, 2.2.0p41, and 2.1.0p49 EOL...
CVE-2025-2596
Session logout could be overwritten in Checkmk GmbH's Checkmk versions 2.3.0p30, 2.2.0p41, and 2.1.0p49 EOL...
CVE-2025-2596
CVE-2025-2596 concerns Checkmk software from Checkmk GmbH where session logout can be overwritten by a long-lasting request. Affected versions are <2.3.0p30,
CVE-2025-1075
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions 2.3.0p27, 2.2.0p40, and 2.1.0p51 EOL causes LDAP credentials to be written to Apache error log file accessible to administrators...
UBUNTU-CVE-2025-1075
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions 2.3.0p27, 2.2.0p40, and 2.1.0p51 EOL causes LDAP credentials to be written to Apache error log file accessible to administrators...
CVE-2025-1075 LDAP credentials logged to Apache error log
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions 2.3.0p27, 2.2.0p40, and 2.1.0p51 EOL causes LDAP credentials to be written to Apache error log file accessible to administrators...
Checkmk 2.3.0p2 / NagVis 1.9.40 Shell Upload Vulnerability
Title: Checkmk NagVis Remote Code Execution Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-002.txt 1. Vulnerability Details Affected Vendor: Checkmk Affected Product: Checkmk/NagVis Affected Version: Checkmk 2.3.0p2, NagVis 1.9.40 Platform: GNU/Linux CWE Classification:...
Checkmk 2.3.0p2 / NagVis 1.9.40 Cross Site Scripting Vulnerability
Title: Checkmk NagVis Reflected Cross-site Scripting Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-001.txt 1. Vulnerability Details Affected Vendor: Checkmk Affected Product: Checkmk/NagVis Affected Version: Checkmk 2.3.0p2, NagVis 1.9.40 Platform: GNU/Linux CWE...
UBUNTU-CVE-2024-13723
The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP...
CVE-2024-13723 Checkmk NagVis Remote Code Execution
The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP...
PT-2025-2259 · Nagvis +2 · Nagvis +2
Name of the Vulnerable Software and Affected Versions: Checkmk affected versions not specified Description: The issue concerns the "NagVis" component within Checkmk, which is susceptible to remote code execution. An authenticated attacker with administrative level privileges can upload a maliciou...