Page 10 of 51 results (0.010 seconds)

CVSS: 8.0EPSS: 0%CPEs: 99EXPL: 0

Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application's local permissions. • https://checkmk.com/werk/14381 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.8EPSS: 0%CPEs: 86EXPL: 0

Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable • https://checkmk.com/werk/14087 • CWE-427: Uncontrolled Search Path Element •

CVSS: 8.1EPSS: 0%CPEs: 71EXPL: 0

Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk <= 2.1.0p19, Checkmk <= 2.0.0p32, and all versions of Checkmk 1.6.0 (EOL) are affected. La validación de entrada incorrecta de las ID de usuario LDAP en Tribe29 Checkmk permite a los atacantes que pueden controlar las ID de usuario LDAP manipular archivos en el servidor. Esta vulnerabilidad afecta a las versiones Checkmk &lt;= 2.1.0p19, Checkmk &lt;= 2.0.0p32 y todas las versiones de Checkmk 1.6.0 (EOL). • https://checkmk.com/werk/15181 • CWE-20: Improper Input Validation •

CVSS: 4.9EPSS: 0%CPEs: 69EXPL: 0

Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <= 2.1.0p18 allows an administrator to write mkp files to arbitrary locations via a malicious mkp file. Path-Traversal en el almacenamiento MKP en Tribe29 Checkmk &lt;=2.0.0p32 y &lt;= 2.1.0p18 permite a un administrador escribir archivos mkp en ubicaciones arbitrarias a través de un archivo mkp malicioso. • https://checkmk.com/werk/15065 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.8EPSS: 0%CPEs: 71EXPL: 0

A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped version of the agents, the maintainer scripts located at /var/lib/dpkg/info/ will be owned by the user and the group with ID 1001. If such a user exists on the system, they can change the content of these files (which are then executed by root). This leads to a local privilege escalation on the monitored host. • https://checkmk.com/werk/14098 • CWE-276: Incorrect Default Permissions •