📦 Checkmk
by Checkmk
⚠️ Known Vulnerabilities
This CVE describes a PHP code injection vulnerability in Checkmk's watolib auth.php and hosttags.php components. Attackers can inject and execute arbitrary PHP code when vulnerable components are acce...
A Cross-Site Scripting (XSS) vulnerability in Checkmk's distributed monitoring allows a compromised remote monitoring site to inject malicious HTML/JavaScript into service outputs displayed on the cen...
This vulnerability allows local privilege escalation on Windows systems running affected Checkmk Windows Agent versions. An attacker with local access can exploit insecure temporary directory handling...
This vulnerability allows authenticated users to inject arbitrary Livestatus commands through the REST API autocomplete endpoint in Checkmk. Attackers could execute unauthorized commands, potentially c...
This vulnerability causes Checkmk to write remote site authentication secrets to log files accessible to administrators. Attackers with access to these logs could obtain credentials to compromise conn...
This vulnerability in Checkmk monitoring software causes LDAP authentication credentials to be written to Apache error log files. Administrators with access to these log files can potentially read sen...
This vulnerability exposes CSRF tokens in URL query parameters in Checkmk monitoring software, allowing attackers to steal these tokens. Attackers can then use stolen tokens to perform Cross-Site Requ...
This vulnerability allows authenticated users in Checkmk monitoring systems to bypass two-factor authentication (2FA) via the REST API. Attackers with valid credentials can access protected resources ...
This vulnerability in the mk_informix Checkmk agent plugin allows local users to escalate privileges due to least privilege violations and reliance on untrusted inputs. It affects Checkmk installation...
This vulnerability allows a local attacker to escalate privileges to SYSTEM level on Windows systems running vulnerable Checkmk Windows Agent versions. The issue stems from incorrect permissions on th...
This CVE describes a local privilege escalation vulnerability in Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs. Local users can exploit improper privilege handling to gain elevated...
This vulnerability allows local users on Windows systems running vulnerable Checkmk agent plugins to escalate privileges to SYSTEM level. It affects Checkmk monitoring installations where the Windows ...
This vulnerability in Checkmk allows attackers to use locked credentials due to insufficient authentication flow. Attackers could potentially gain unauthorized access to monitoring systems. Affected a...
This vulnerability allows local users on systems running vulnerable Checkmk versions to escalate their privileges to root/admin level. It affects Checkmk installations where the mk_tsm agent plugin is...
This vulnerability allows authorized users of Checkmk to execute arbitrary Livestatus commands by exploiting improper neutralization of command delimiters in the availability timeline. Attackers with ...
This vulnerability allows authorized users of Checkmk's REST API to execute arbitrary Livestatus commands due to improper input sanitization. Attackers with valid credentials can potentially execute co...
This vulnerability allows authenticated Checkmk users to directly interact with the underlying Apache installation through reverse proxy configurations, enabling remote code execution with root privil...
This vulnerability allows authenticated users with User Management permissions (and LDAP administrators in some configurations) to inject arbitrary commands into SMS notification functionality in Chec...
CVE-2021-40904 allows remote code execution through the Checkmk web management console by exploiting a misconfiguration in the default DokuWiki installation. Attackers with administrative access (vali...
This vulnerability exposes SSH private keys in the HTML source of Checkmk's remote alert handler rule pages. Attackers who can access these pages could trigger unauthorized alert handlers on monitored...
This vulnerability allows low-privileged users in Checkmk monitoring systems to access agent information through the REST API without proper authorization. It affects Checkmk versions before 2.4.0p17 ...
This vulnerability allows low-privileged users in Checkmk to bypass permission checks on REST API endpoints, enabling unauthorized actions or access to sensitive information. It affects Checkmk versio...
This vulnerability allows local attackers on Linux and Solaris systems to read sensitive data from Checkmk agent update packages due to incorrect file permissions. It affects Checkmk installations wit...
This vulnerability in Checkmk allows attackers to bypass session logout mechanisms, potentially maintaining unauthorized access to monitoring systems. It affects Checkmk versions before 2.3.0p30, 2.2....
This vulnerability in Checkmk monitoring software causes remote site secrets to be written to web log files accessible to local site users. Attackers with local access can read sensitive credentials f...
This authentication bypass vulnerability in Checkmk allows remote attackers to access HTTP endpoints without proper credentials, potentially exposing sensitive monitoring data. It affects Checkmk vers...
This vulnerability allows authenticated users with Global Settings permissions to inject malicious HTML/JavaScript into the Crash Report URL field, creating stored cross-site scripting (XSS) attacks. ...