1387 matches found
EUVD-2024-55577
Privilege escalation in the mkmysql agent plugin on Windows in Checkmk 2.4.0p29, 2.3.0p47, and 2.2.0 EOL allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' or with write access to a binary referenced by such a service to execute arbitrary cod...
CVE-2024-47091
Privilege escalation in the mkmysql agent plugin on Windows in Checkmk 2.4.0p29, 2.3.0p47, and 2.2.0 EOL allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' or with write access to a binary referenced by such a service to execute arbitrary cod...
CVE-2024-47091 Privilege escalation via mk_mysql agent plugin on Windows
Privilege escalation in the mkmysql agent plugin on Windows in Checkmk 2.4.0p29, 2.3.0p47, and 2.2.0 EOL allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' or with write access to a binary referenced by such a service to execute arbitrary cod...
CVE-2024-47091
Privilege escalation in the mkmysql agent plugin on Windows in Checkmk 2.4.0p29, 2.3.0p47, and 2.2.0 EOL allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' or with write access to a binary referenced by such a service to execute arbitrary cod...
CVE-2024-47091
CVE-2024-47091 describes a local privilege escalation in the Windows mk_mysql agent plugin used by Checkmk. A local unprivileged user can escalate by creating a Windows service whose name matches 'MySQL' or 'MariaDB' (or by gaining write access to a binary referenced by such a service). This allo...
CVE-2024-47091 Privilege escalation via mk_mysql agent plugin on Windows
Privilege escalation in the mkmysql agent plugin on Windows in Checkmk 2.4.0p29, 2.3.0p47, and 2.2.0 EOL allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' or with write access to a binary referenced by such a service to execute arbitrary cod...
Checkmk 代码问题漏洞
Checkmk is an IT monitoring platform developed by Checkmk Corporation. Versions of Checkmk prior to 2.4.0p29, 2.3.0p47, and 2.2.0 contained code vulnerabilities. These vulnerabilities stemmed from permission escalation issues within the mkmysql proxy plugin on Windows, which could allow...
PT-2026-40585
Privilege escalation in the mk mysql agent plugin on Windows in Checkmk 2.4.0p29, 2.3.0p47, and 2.2.0 EOL allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' or with write access to a binary referenced by such a service to execute arbitrary co...
CVE-2026-33457
Livestatus injection in the prediction graph page in Checkmk 2.5.0b4, 2.4.0p26, and 2.3.0p47 allows an authenticated user to inject arbitrary Livestatus commands via a crafted service name parameter due to insufficient sanitization of the service description value...
CVE-2026-33456
Livestatus injection in the notification test mode in Checkmk 2.5.0b4 and 2.4.0p26 allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands via a crafted service description...
CVE-2026-33455
Livestatus injection in the monitoring quicksearch in Checkmk 2.5.0b4 allows an authenticated attacker to inject livestatus commands via the search query due to insufficient input sanitization in search filter plugins...
Linux Distros Unpatched Vulnerability : CVE-2026-33455
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Livestatus injection in the monitoring quicksearch in Checkmk 2.5.0b4 allows an authenticated attacker to inject livestatus commands via the search query due to...
Linux Distros Unpatched Vulnerability : CVE-2026-33457
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Livestatus injection in the prediction graph page in Checkmk 2.5.0b4, 2.4.0p26, and 2.3.0p47 allows an authenticated user to inject arbitrary Livestatus command...
Linux Distros Unpatched Vulnerability : CVE-2026-3466
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 EOL, Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0...
Linux Distros Unpatched Vulnerability : CVE-2025-39666
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Local privilege escalation in Checkmk 2.2.0 EOL, Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 beta before 2.5.0b3 allows a si...
Linux Distros Unpatched Vulnerability : CVE-2026-33456
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Livestatus injection in the notification test mode in Checkmk 2.5.0b4 and 2.4.0p26 allows an authenticated user with access to the notification test page to...
EUVD-2026-21344
Livestatus injection in the notification test mode in Checkmk 2.5.0b4 and 2.4.0p26 allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands via a crafted service description...
EUVD-2026-21346
Livestatus injection in the prediction graph page in Checkmk 2.5.0b4, 2.4.0p26, and 2.3.0p47 allows an authenticated user to inject arbitrary Livestatus commands via a crafted service name parameter due to insufficient sanitization of the service description value...
EUVD-2026-21342
Livestatus injection in the monitoring quicksearch in Checkmk 2.5.0b4 allows an authenticated attacker to inject livestatus commands via the search query due to insufficient input sanitization in search filter plugins...
CVE-2026-33456
Livestatus injection in the notification test mode in Checkmk 2.5.0b4 and 2.4.0p26 allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands via a crafted service description...