Filtered by vendor Icinga
Subscriptions
Filtered by product Icinga
Subscriptions
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-6533 | 1 Icinga | 1 Icinga | 2024-11-21 | N/A |
| An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933). | ||||
| CVE-2018-6532 | 1 Icinga | 1 Icinga | 2024-11-21 | N/A |
| An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted (authenticated and unauthenticated) requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer. | ||||
| CVE-2017-16933 | 1 Icinga | 1 Icinga | 2024-11-21 | N/A |
| etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link. | ||||
| CVE-2017-16882 | 1 Icinga | 1 Icinga | 2024-11-21 | N/A |
| Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. This also affects bin/icingastats, bin/ido2db, and bin/log2ido. | ||||
| CVE-2015-8010 | 3 Icinga, Opensuse, Opensuse Project | 3 Icinga, Leap, Leap | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi. | ||||