NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2023-31208 | Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users. | 8.3 | 0.97% | 2023-05-17 | 2026-06-17 |
| CVE-2023-22348 | Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. | 4.3 | 0.59% | 2023-05-17 | 2026-06-17 |
| CVE-2023-22359 | User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames. | 4.3 | 0.35% | 2023-06-26 | 2026-06-17 |
| CVE-2023-23548 | Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30. | 5.4 | 0.35% | 2023-08-01 | 2026-06-17 |
| CVE-2023-31209 | Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users. | 8.8 | 1.02% | 2023-08-10 | 2026-06-17 |
| CVE-2023-23549 | Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames. | 2.7 | 0.63% | 2023-11-15 | 2026-06-17 |
| CVE-2023-6156 | Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. | 7.6 | 0.86% | 2023-11-22 | 2026-06-17 |
| CVE-2023-6157 | Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. | 7.6 | 0.86% | 2023-11-22 | 2026-06-17 |
| CVE-2023-6251 | Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users. | 3.5 | 0.15% | 2023-11-24 | 2026-06-17 |
| CVE-2023-6287 | Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files. | 3.3 | 0.23% | 2023-11-27 | 2026-06-17 |
| CVE-2023-31210 | Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries | 8.8 | 0.54% | 2023-12-13 | 2026-06-17 |
| CVE-2023-31211 | Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials | 8.8 | 0.51% | 2024-01-12 | 2026-06-17 |
| CVE-2023-6735 | Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges | 8.8 | 0.28% | 2024-01-12 | 2026-06-17 |
| CVE-2023-6740 | Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges | 8.8 | 0.18% | 2024-01-12 | 2026-06-17 |
| CVE-2024-0670 | Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges | 8.8 | 0.34% | 2024-03-11 | 2026-06-17 |
| CVE-2024-0638 | Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges. | 8.2 | 0.19% | 2024-03-22 | 2026-06-17 |
| CVE-2024-1742 | Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list. | 3.8 | 0.24% | 2024-03-22 | 2026-06-17 |
| CVE-2024-28824 | Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges. | 8.8 | 0.18% | 2024-03-22 | 2026-06-17 |
| CVE-2024-2380 | Stored XSS in graph rendering in Checkmk <2.3.0b4. | 4.6 | 0.34% | 2024-04-05 | 2026-06-17 |
| CVE-2024-3367 | Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc | 6.5 | 0.31% | 2024-04-16 | 2026-06-17 |