Vulnerabilities > Checkmk > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-20 | CVE-2022-47909 | Unspecified vulnerability in Checkmk 2.0.0/2.1.0 Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost. | 7.8 |
2023-02-09 | CVE-2022-43440 | Uncontrolled Search Path Element vulnerability in Checkmk Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable | 7.8 |
2023-01-26 | CVE-2023-0284 | Improper Input Validation vulnerability in multiple products Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. | 8.1 |
2022-06-17 | CVE-2022-33912 | Incorrect Default Permissions vulnerability in multiple products A permission issue affects users that deployed the shipped version of the Checkmk Debian package. | 7.8 |
2022-03-25 | CVE-2021-40904 | Incorrect Default Permissions vulnerability in Checkmk 1.5.0 The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. | 8.8 |
2022-03-25 | CVE-2021-40905 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. | 8.8 |
2021-02-19 | CVE-2020-24908 | Unspecified vulnerability in Checkmk Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory. | 7.8 |