Page 2 of 37 results (0.003 seconds)

CVSS: 5.2EPSS: 0%CPEs: 4EXPL: 0

Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges. La violación de privilegios mínimos y la dependencia de entradas no confiables en el complemento del agente Checkmk mk_informix anterior a Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 y 2.0.0 (EOL) permite que los usuarios locales escalen privilegios. • https://checkmk.com/werk/16249 • CWE-272: Least Privilege Violation CWE-807: Reliance on Untrusted Inputs in a Security Decision •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution. La neutralización incorrecta de los delimitadores de comandos de estado de vida en mknotifyd en Checkmk &lt;= 2.0.0p39, &lt; 2.1.0p47, &lt; 2.2.0p32 y &lt; 2.3.0p11 permite la ejecución arbitraria de comandos de estado de vida. • https://checkmk.com/werk/17013 • CWE-140: Improper Neutralization of Delimiters •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site. Cross-Site Request Forgery en Checkmk &lt; 2.3.0p8, &lt; 2.2.0p29, &lt; 2.1.0p45 y &lt;= 2.0.0p39 (EOL) podría provocar que el sitio se comprometa con 1 clic. • https://checkmk.com/werk/17090 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges. Permisos incorrectos en el directorio de datos del agente de Windows Checkmk en Checkmk &lt; 2.3.0p8, &lt; 2.2.0p29, &lt; 2.1.0p45 y &lt;= 2.0.0p39 (EOL) permiten a un atacante local obtener privilegios de SYSTEM. • https://checkmk.com/werk/16845 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data • https://checkmk.com/werk/17011 • CWE-290: Authentication Bypass by Spoofing •