High

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-12	CVE-2023-6735	Improper Privilege Management vulnerability in multiple products Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges local low complexity tribe29 checkmk CWE-269	7.8
2024-01-12	CVE-2023-6740	Improper Privilege Management vulnerability in multiple products Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges local low complexity tribe29 checkmk CWE-269	7.8
2023-08-10	CVE-2023-31209	Injection vulnerability in multiple products Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users. network low complexity tribe29 checkmk CWE-74	8.8
2023-05-17	CVE-2023-31208	Command Injection vulnerability in multiple products Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users. network low complexity tribe29 checkmk CWE-77	8.8
2023-05-15	CVE-2023-22318	Improper Locking vulnerability in Tribe29 Checkmk Appliance Firmware Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5. network low complexity tribe29 CWE-667	7.5
2023-04-18	CVE-2023-22294	Incorrect Permission Assignment for Critical Resource vulnerability in Tribe29 Checkmk Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions. network low complexity tribe29 CWE-732	8.8
2023-01-26	CVE-2023-0284	Improper Input Validation vulnerability in multiple products Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. network low complexity tribe29 checkmk CWE-20	8.1
2022-06-17	CVE-2022-33912	Incorrect Default Permissions vulnerability in multiple products A permission issue affects users that deployed the shipped version of the Checkmk Debian package. local low complexity tribe29 checkmk CWE-276	7.8
2022-03-25	CVE-2021-40905	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. network low complexity tribe29 checkmk CWE-434	8.8