CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 81100 / 113
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2023-6735 Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges 8.8 0.28% 2024-01-12 2026-06-17
CVE-2023-31211 Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials 8.8 0.51% 2024-01-12 2026-06-17
CVE-2023-31210 Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries 8.8 0.54% 2023-12-13 2026-06-17
CVE-2023-6287 Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files. 3.3 0.23% 2023-11-27 2026-06-17
CVE-2023-6251 Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users. 3.5 0.15% 2023-11-24 2026-06-17
CVE-2023-6157 Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. 7.6 0.86% 2023-11-22 2026-06-17
CVE-2023-6156 Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. 7.6 0.86% 2023-11-22 2026-06-17
CVE-2023-23549 Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames. 2.7 0.63% 2023-11-15 2026-06-17
CVE-2023-31209 Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users. 8.8 1.02% 2023-08-10 2026-06-17
CVE-2023-23548 Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30. 5.4 0.35% 2023-08-01 2026-06-17
CVE-2023-22359 User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames. 4.3 0.50% 2023-06-26 2026-06-17
CVE-2023-22348 Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. 4.3 0.59% 2023-05-17 2026-06-17
CVE-2023-31208 Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users. 8.3 0.97% 2023-05-17 2026-06-17
CVE-2023-22318 Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5. 7.5 0.53% 2023-05-15 2026-06-17
CVE-2023-31207 Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log. 4.4 0.22% 2023-05-02 2026-06-17
CVE-2023-22309 Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Appliance before 1.6.4. 6.1 0.40% 2023-04-20 2026-06-17
CVE-2022-46302 Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an attacker to perform remote code execution with root privileges on the underlying host. 8.8 0.39% 2023-04-20 2026-06-17
CVE-2023-22307 Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.4 allows local attacker to retrieve passwords via reading log files. 5.5 0.22% 2023-04-18 2026-06-17
CVE-2023-22294 Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions. 8.8 0.68% 2023-04-18 2026-06-17
CVE-2023-2020 Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host. 4.3 0.40% 2023-04-18 2026-06-17
cvelogic Threat Intelligence