Vulmon
checkmk checkmk vulnerabilities and exploits
383
VMScore
CVE-2022-24564
Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered for editing a user.
Tribe29 Checkmk 2.0.0
NA
CVE-2022-48321
Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows a malicious user to communicate with local network restricted endpoints by use of the host registration API.
Tribe29 Checkmk 2.1.0
2 Github repositories
NA
CVE-2023-6287
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance prior to 1.6.8 allows a local malicious user to retrieve passwords via reading log files.
Tribe29 Checkmk Appliance Firmware
NA
CVE-2023-22307
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance prior to 1.6.4 allows a local malicious user to retrieve passwords via reading log files.
Tribe29 Checkmk Appliance Firmware
NA
CVE-2023-22318
Denial of service in Webconf in Tribe29 Checkmk Appliance prior to 1.6.5.
Tribe29 Checkmk Appliance Firmware
NA
CVE-2023-22309
Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Appliance prior to 1.6.4.
Tribe29 Checkmk Appliance Firmware
NA
CVE-2024-0670
Privilege escalation in Windows agent plugin in Checkmk prior to 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows a local user to escalate privileges.
383
VMScore
CVE-2017-9781
A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x before 1.4.0p6, allowing an unauthenticated remote malicious user to inject arbitrary HTML or JavaScript via the _username parameter when attempting authentication to webapi.py, which is returned unenco...
Check Mk Project Check Mk 1.4.0
NA
CVE-2024-28826
Improper restriction of local upload and download paths in check_sftp in Checkmk prior to 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server.
NA
CVE-2024-28825
Improper restriction of excessive authentication attempts on some authentication methods in Checkmk prior to 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing.