Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 75 results


CVE-2024-8606

Medium priority
Needs evaluation

Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication

1 affected packages

check-mk

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
check-mk Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2024-38859

Medium priority
Needs evaluation

XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column...

1 affected packages

check-mk

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
check-mk Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2024-28829

Medium priority
Not affected

Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges.

1 affected packages

check-mk

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
check-mk Not in release Not in release Not in release Not affected Not affected
Show less packages

CVE-2024-28828

Medium priority
Needs evaluation

Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site.

1 affected packages

check-mk

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
check-mk Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2024-28827

Medium priority
Needs evaluation

Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges.

1 affected packages

check-mk

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
check-mk Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2024-6163

Medium priority
Needs evaluation

Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data

1 affected packages

check-mk

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
check-mk Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2024-6052

Medium priority
Needs evaluation

Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements

1 affected packages

check-mk

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
check-mk Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2024-38857

Medium priority
Needs evaluation

Improper neutralization of input in Checkmk before versions 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows attackers to craft malicious links that can facilitate phishing attacks.

1 affected packages

check-mk

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
check-mk Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2024-28830

Low priority
Needs evaluation

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators.

1 affected packages

check-mk

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
check-mk Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2024-28832

Medium priority
Needs evaluation

Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the...

1 affected packages

check-mk

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
check-mk Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages