Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tribe29 checkmk 1.6.0 vulnerabilities and exploits
(subscribe to this query)
641
VMScore
CVE-2022-33912
A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped version of the agents, the maintainer scripts located at /var/lib/dpkg/info/ will...
Tribe29 Checkmk 1.6.0
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 1.6.0b10
Tribe29 Checkmk 1.6.0b11
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.2.0
641
VMScore
CVE-2022-31258
In Checkmk prior to 1.6.0p29, 2.x prior to 2.0.0p25, and 2.1.x prior to 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink.
Tribe29 Checkmk 1.6.0
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 1.6.0b10
Tribe29 Checkmk 1.6.0b11
Tribe29 Checkmk 1.6.0p10
Tribe29 Checkmk 1.6.0p17
Tribe29 Checkmk 1.6.0p18
Tribe29 Checkmk 1.6.0p11
Tribe29 Checkmk 1.6.0p12
Tribe29 Checkmk 1.6.0p13
Tribe29 Checkmk 1.6.0p14
Tribe29 Checkmk 1.6.0p15
Tribe29 Checkmk 1.6.0p16
641
VMScore
CVE-2020-24908
Checkmk prior to 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory.
Tribe29 Checkmk
Tribe29 Checkmk 1.6.0
605
VMScore
CVE-2021-40904
The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web...
Tribe29 Checkmk
1 Github repository
383
VMScore
CVE-2021-40906
CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an malicious user to open a backdoor on the device with HTML content and interpreted by the browser (such as...
Tribe29 Checkmk
Tribe29 Checkmk 1.6.0
Tribe29 Checkmk 1.6.0b10
Tribe29 Checkmk 1.6.0b11
Tribe29 Checkmk 1.6.0p10
Tribe29 Checkmk 1.6.0p17
Tribe29 Checkmk 1.6.0p18
1 Github repository
312
VMScore
CVE-2022-24566
In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS).
Tribe29 Checkmk 1.6.0
Tribe29 Checkmk 2.0.0
312
VMScore
CVE-2022-24565
Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as condition for notifications.
Tribe29 Checkmk 1.6.0
Tribe29 Checkmk 2.0.0
312
VMScore
CVE-2020-28919
A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x before 1.6.0p19 allows an authenticated remote malicious user to inject arbitrary JavaScript via a javascript: URL in a view title.
Tribe29 Checkmk 1.6.0
NA
CVE-2022-46302
Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an malicious us...
Tribe29 Checkmk 1.6.0
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 2.1.0
NA
CVE-2023-1768
Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34, <= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations.
Tribe29 Checkmk 1.6.0
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 1.6.0b10
Tribe29 Checkmk 1.6.0b11
Tribe29 Checkmk 1.6.0p10
Tribe29 Checkmk 1.6.0p17
Tribe29 Checkmk 1.6.0p18
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 1.6.0p11
Tribe29 Checkmk 1.6.0p12
Tribe29 Checkmk 1.6.0p13
Tribe29 Checkmk 1.6.0p14
Tribe29 Checkmk 1.6.0p15
Tribe29 Checkmk 1.6.0p16
Tribe29 Checkmk 2.2.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »