VYPR

rpm package

opensuse/icinga2&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/icinga2&distro=openSUSE%20Tumbleweed

Vulnerabilities (13)

  • CVE-2026-24413 · Jan 29, 2026
    affected < 2.15.2-1.1 · fixed 2.15.2-1.1

    Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the `%ProgramData%\icinga2\var` folder on Windows. This resulted in its contents - including the

  • CVE-2025-61909 · Oct 16, 2025
    affected < 2.15.1-1.1 · fixed 2.15.1-1.1

    Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script (also used during systemctl reload icinga2) and logrotate configuration shipped with Icinga 2 read the PID of the main Icinga 2 process from a PID file writable

  • CVE-2025-61908 · Oct 16, 2025
    affected < 2.15.1-1.1 · fixed 2.15.1-1.1

    Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that al

  • CVE-2025-61907 · Oct 16, 2025
    affected < 2.15.1-1.1 · fixed 2.15.1-1.1

    Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to lear

  • CVE-2025-48057 · May 27, 2025
    affected < 2.14.6-1.1 · fixed 2.14.6-1.1

    Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate() function can be tricked into incorrectly treating c

  • CVE-2024-49369 · Nov 12, 2024
    affected < 2.14.3-1.1 · fixed 2.14.3-1.1

    Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate b

  • CVE-2021-37698 · Aug 19, 2021
    affected < 2.13.1-1.3 · fixed 2.13.1-1.3

    Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions 2.5.0 through 2.13.0, ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer do not verify the serve

  • CVE-2021-32743 · Jul 15, 2021
    affected < 2.13.1-1.3 · fixed 2.13.1-1.3

    Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require crede

  • CVE-2021-32739 · Jul 15, 2021
    affected < 2.13.1-1.3 · fixed 2.13.1-1.3

    Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API u

  • CVE-2020-29663 · Dec 15, 2020
    affected < 2.13.1-1.3 · fixed 2.13.1-1.3

    Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.3.

  • CVE-2020-14004 · Jun 12, 2020
    affected < 2.13.1-1.3 · fixed 2.13.1-1.3

    An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by fo

  • CVE-2018-6534 · Med · Feb 27, 2018
    affected < 2.13.1-1.3 · fixed 2.13.1-1.3

    An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash.

  • CVE-2017-16933 · Hig · Nov 24, 2017
    affected < 2.13.1-1.3 · fixed 2.13.1-1.3

    etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.