Filtered by vendor Tribe29
Total: 45 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-31258 | 1 Tribe29 | 1 Checkmk | 2023-12-10 | 7.2 HIGH | 6.7 MEDIUM | In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink. |
CVE-2021-40904 | 1 Tribe29 | 1 Checkmk | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session by a user with the role of administrator. |
CVE-2020-28919 | 1 Tribe29 | 1 Checkmk | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM | A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title. |
CVE-2020-24908 | 1 Tribe29 | 1 Checkmk | 2023-12-10 | 7.2 HIGH | 7.8 HIGH | Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory. |
CVE-2017-14955 | 1 Tribe29 | 1 Checkmk | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM | Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report. |