CVE-2024-1742
Published 2024-03-22
Priority: P4 (11) · low · 3.3 (CVSS 3.1)
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.24% (15.6th percentile)
Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| checkmk | checkmk | <= 2.0.0 | — |
| checkmk | checkmk | — | — |
| checkmk | checkmk | — | — |
| checkmk | checkmk | — | — |
| checkmk_gmbh | checkmk | 2.0.0 – 2.0.0p39 | — |
| checkmk_gmbh | checkmk | >= 2.1.0 < 2.1.0p41 | 2.1.0p41 |
| checkmk_gmbh | checkmk | >= 2.2.0 < 2.2.0p24 | 2.2.0p24 |
| checkmk_gmbh | checkmk | >= 2.3.0 < 2.3.0b4 | 2.3.0b4 |
CVSS provenance
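| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| osv | — | 3.3 | LOW | — |
| vendor_redhat | — | 5.5 | MEDIUM | — |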
OSV
osv·2024-03-22·CVSS 3.3
CVE-2024-1742 [LOW] CVE-2024-1742: Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2
GHSA
ghsa_unreviewed·2024-03-22
CVE-2024-1742 [LOW] CWE-214 GHSA-672v-64m3-xh38: Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2
Red Hat
vendor_redhat·2024-10-21·CVSS 5.5
CVE-2024-47724 [MEDIUM] CWE-367 kernel: wifi: ath11k: use work queue to process beacon tx event
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath11k: use work queue to process beacon tx event
Commit 3a415daa3e8b ("wifi: ath11k: add P2P IE in beacon template")
from Feb 28, 2024 (linux-next), leads to the following Smatch static
checker warning:
drivers/net/wireless/ath/ath11k/wmi.c:1742 ath11k_wmi_p2p_go_bcn_ie()
warn: sleeping in atomic context
The reason is that ath11k_bcn_tx_status_event() will directly call might
sleep function ath11k_wmi_cmd_send() during RCU read-side critical
sections. The call trace is like:
ath11k_bcn_tx_status_event()
-> rcu_read_lock()
-> ath11k_mac_bcn_tx_event()
-> ath11k_mac_setup_bcn_tmpl()
……
-> ath11k_wmi_bcn_tmpl()
-> ath11k_wmi_cmd_send()
-> rcu_read_unlock(
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.