Filtered by vendor Checkmk
Subscriptions
Total
85 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58126 | 2 Checkmk, Vmware | 2 Checkmk, Vma | 2025-08-28 | N/A |
| Improper Certificate Validation in Checkmk Exchange plugin VMware vSAN allows attackers in MitM position to intercept traffic. | ||||
| CVE-2025-58123 | 1 Checkmk | 1 Checkmk | 2025-08-28 | N/A |
| Improper Certificate Validation in Checkmk Exchange plugin BGP Monitoring allows attackers in MitM position to intercept traffic. | ||||
| CVE-2025-58127 | 1 Checkmk | 1 Checkmk | 2025-08-28 | N/A |
| Improper Certificate Validation in Checkmk Exchange plugin Dell Powerscale allows attackers in MitM position to intercept traffic. | ||||
| CVE-2025-58124 | 1 Checkmk | 1 Checkmk | 2025-08-28 | N/A |
| Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM position to intercept traffic. | ||||
| CVE-2025-58125 | 1 Checkmk | 1 Checkmk | 2025-08-28 | N/A |
| Improper Certificate Validation in Checkmk Exchange plugin Freebox v6 agent allows attackers in MitM position to intercept traffic. | ||||
| CVE-2024-6163 | 1 Checkmk | 1 Checkmk | 2025-08-27 | 5.3 Medium |
| Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data | ||||
| CVE-2025-32915 | 3 Checkmk, Linux, Oracle | 3 Checkmk, Linux Kernel, Solaris | 2025-08-26 | 5.5 Medium |
| Packages downloaded by Checkmk's automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk < 2.4.0p1, < 2.3.0p32, < 2.2.0p42 and <= 2.1.0p49 (EOL). This allows a local attacker to read sensitive data. | ||||
| CVE-2024-38864 | 2 Checkmk, Microsoft | 2 Checkmk, Windows | 2025-08-25 | 3.3 Low |
| Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data. | ||||
| CVE-2024-6572 | 1 Checkmk | 1 Checkmk | 2025-08-25 | 7.4 High |
| Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic | ||||
| CVE-2025-3506 | 1 Checkmk | 1 Checkmk | 2025-08-25 | 5.3 Medium |
| Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and <Checkmk 2.4.0b6 allows attacker to access files that could contain secrets. | ||||
| CVE-2025-2092 | 1 Checkmk | 1 Checkmk | 2025-08-25 | 7.5 High |
| Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p29, <2.2.0p41 and <=2.1.0p49 (EOL) causes remote site authentication secrets to be written to log files accessible to administrators. | ||||
| CVE-2025-2596 | 1 Checkmk | 1 Checkmk | 2025-08-25 | 5.3 Medium |
| Session logout could be overwritten in Checkmk GmbH's Checkmk versions <2.3.0p30, <2.2.0p41, and 2.1.0p49 (EOL) | ||||
| CVE-2025-1075 | 1 Checkmk | 1 Checkmk | 2025-08-25 | 7.5 High |
| Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p27, <2.2.0p40, and 2.1.0p51 (EOL) causes LDAP credentials to be written to Apache error log file accessible to administrators. | ||||
| CVE-2025-32917 | 1 Checkmk | 1 Checkmk | 2025-08-22 | 8.8 High |
| Privilege escalation in jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allow user with write access to JAVA_HOME/bin directory to escalate privileges. | ||||
| CVE-2025-1712 | 1 Checkmk | 1 Checkmk | 2025-08-22 | 8.8 High |
| Argument injection in special agent configuration in Checkmk <2.4.0p1, <2.3.0p32, <2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files | ||||
| CVE-2025-32918 | 1 Checkmk | 1 Checkmk | 2025-08-22 | 8.8 High |
| Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions <2.4.0p6, <2.3.0p35, <2.2.0p44, and 2.1.0 (EOL) allows an authenticated user to inject arbitrary Livestatus commands. | ||||
| CVE-2024-38865 | 1 Checkmk | 1 Checkmk | 2025-08-21 | 8.8 High |
| Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for an event to originate from a host with the same contact group or from an event generated with an unknown host. | ||||
| CVE-2023-31211 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2025-06-17 | 8.8 High |
| Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials | ||||
| CVE-2023-6735 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2025-06-03 | 8.8 High |
| Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges | ||||
| CVE-2023-6740 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2025-06-03 | 8.8 High |
| Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges | ||||