Vulnerabilities > Tribe29 > Checkmk > 1.6.0p16
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-12 | CVE-2023-31211 | Always-Incorrect Control Flow Implementation vulnerability in Tribe29 Checkmk Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials | 6.5 |
| 2024-01-12 | CVE-2023-6735 | Improper Privilege Management vulnerability in Tribe29 Checkmk Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges | 7.8 |
| 2024-01-12 | CVE-2023-6740 | Improper Privilege Management vulnerability in Tribe29 Checkmk Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges | 7.8 |
| 2023-08-10 | CVE-2023-31209 | Injection vulnerability in Tribe29 Checkmk Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users. | 8.8 |
| 2023-05-17 | CVE-2023-22348 | Unspecified vulnerability in Tribe29 Checkmk Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. | 4.3 |
| 2023-05-17 | CVE-2023-31208 | Command Injection vulnerability in Tribe29 Checkmk Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users. | 8.8 |
| 2023-04-18 | CVE-2023-22294 | Incorrect Permission Assignment for Critical Resource vulnerability in Tribe29 Checkmk Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions. | 8.8 |
| 2023-03-20 | CVE-2023-22288 | Cross-site Scripting vulnerability in Tribe29 Checkmk HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails | 5.4 |
| 2023-01-26 | CVE-2023-0284 | Improper Input Validation vulnerability in Tribe29 Checkmk Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. | 8.1 |
| 2022-05-20 | CVE-2022-31258 | Link Following vulnerability in Tribe29 Checkmk In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink. | 7.2 |