Filtered by vendor Checkmk
Subscribe
Total
108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6747 | 1 Checkmk | 1 Checkmk | 2026-06-17 | N/A | 5.3 MEDIUM |
| Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data | |||||
| CVE-2024-6572 | 1 Checkmk | 1 Checkmk | 2026-06-17 | N/A | 7.4 HIGH |
| Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic | |||||
| CVE-2024-6542 | 1 Checkmk | 1 Checkmk | 2026-06-17 | N/A | 6.5 MEDIUM |
| Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution. | |||||
| CVE-2024-6163 | 1 Checkmk | 1 Checkmk | 2026-06-17 | N/A | 5.3 MEDIUM |
| Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data | |||||
| CVE-2024-6052 | 1 Checkmk | 1 Checkmk | 2026-06-17 | N/A | 6.5 MEDIUM |
| Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements | |||||
| CVE-2024-5741 | 1 Checkmk | 1 Checkmk | 2026-06-17 | N/A | 6.5 MEDIUM |
| Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL) | |||||
| CVE-2024-47094 | 1 Checkmk | 1 Checkmk | 2026-06-17 | N/A | 5.5 MEDIUM |
| Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users. | |||||
| CVE-2024-3367 | 1 Checkmk | 1 Checkmk | 2026-06-17 | N/A | 6.5 MEDIUM |
| Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc | |||||
| CVE-2024-38865 | 1 Checkmk | 1 Checkmk | 2026-06-17 | N/A | 8.8 HIGH |
| Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for an event to originate from a host with the same contact group or from an event generated with an unknown host. | |||||
| CVE-2024-38864 | 2 Checkmk, Microsoft | 2 Checkmk, Windows | 2026-06-17 | N/A | 3.3 LOW |
| Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data. | |||||
| CVE-2024-38863 | 1 Checkmk | 1 Checkmk | 2026-06-17 | N/A | 7.5 HIGH |
| Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks. | |||||
| CVE-2024-38862 | 1 Checkmk | 1 Checkmk | 2026-06-17 | N/A | 4.4 MEDIUM |
| Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IMPI secrets of host and folder properties to be written to audit log files accessible to administrators. | |||||
| CVE-2024-38860 | 1 Checkmk | 1 Checkmk | 2026-06-17 | N/A | 6.1 MEDIUM |
| Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows attackers to craft malicious links that can facilitate phishing attacks. | |||||
| CVE-2024-38859 | 1 Checkmk | 1 Checkmk | 2026-06-17 | N/A | 6.1 MEDIUM |
| XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users. | |||||
| CVE-2024-38858 | 1 Checkmk | 1 Checkmk | 2026-06-17 | N/A | 6.1 MEDIUM |
| Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view. | |||||
| CVE-2024-38857 | 1 Checkmk | 1 Checkmk | 2026-06-17 | N/A | 4.3 MEDIUM |
| Improper neutralization of input in Checkmk before versions 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows attackers to craft malicious links that can facilitate phishing attacks. | |||||
| CVE-2024-2380 | 1 Checkmk | 1 Checkmk | 2026-06-17 | N/A | 4.6 MEDIUM |
| Stored XSS in graph rendering in Checkmk <2.3.0b4. | |||||
| CVE-2024-28833 | 1 Checkmk | 1 Checkmk | 2026-06-17 | N/A | 5.9 MEDIUM |
| Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms. | |||||
| CVE-2024-28832 | 1 Checkmk | 1 Checkmk | 2026-06-17 | N/A | 4.8 MEDIUM |
| Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings. | |||||
| CVE-2024-28831 | 1 Checkmk | 1 Checkmk | 2026-06-17 | N/A | 5.4 MEDIUM |
| Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up. | |||||