Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
icinga icinga vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv2
CVE-2018-6536
An issue exists in Icinga 2.x up to and including 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification be...
Icinga Icinga
4.6
CVSSv2
CVE-2020-14004
An issue exists in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed a...
Icinga Icinga 2.12.0
Icinga Icinga
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
4.6
CVSSv2
CVE-2017-16882
Icinga Core up to and including 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by le...
Icinga Icinga
4.3
CVSSv2
CVE-2022-24714
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with ...
Icinga Icinga Web 2
4.3
CVSSv2
CVE-2020-24368
Icinga Icinga Web2 2.0.0 up to and including 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an malicious user to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2...
Icinga Icinga Web 2
Debian Debian Linux 9.0
Debian Debian Linux 10
Suse Package Hub -
4.3
CVSSv2
CVE-2018-18246
Icinga Web 2 prior to 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module.
Icinga Icinga Web 2
4.3
CVSSv2
CVE-2018-18248
Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string.
Icinga Icinga Web 2 2.6.1
4.3
CVSSv2
CVE-2018-6534
An issue exists in Icinga 2.x up to and including 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash.
Icinga Icinga
4.3
CVSSv2
CVE-2018-6535
An issue exists in Icinga 2.x up to and including 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker.
Icinga Icinga
4.3
CVSSv2
CVE-2015-8010
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga prior to 1.14 allows remote malicious users to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.
Icinga Icinga
Opensuse Leap 42.2
Opensuse Project Leap 42.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »