VYPR

Icinga

by Icinga

Source repositories

CVEs (27)

  • CVE-2017-16882HigNov 18, 2017
    risk 0.51cvss 7.8epss 0.00

    Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging…

  • CVE-2017-16933HigNov 24, 2017
    risk 0.46cvss 7.0epss 0.00

    etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.

  • CVE-2015-8010MedMar 27, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.

  • CVE-2018-6536MedFeb 2, 2018
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification…

  • CVE-2013-7108Jan 15, 2014
    risk 0.08cvss epss 0.60

    Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in…

  • CVE-2012-6096Jan 22, 2013
    risk 0.08cvss epss 0.66

    Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host…

  • CVE-2011-2179Jun 14, 2011
    risk 0.05cvss epss 0.26

    Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.

  • CVE-2026-24413Jan 29, 2026
    risk 0.00cvss epss 0.00

    Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the `%ProgramData%\icinga2\var` folder on Windows. This resulted in the its contents - including…

  • CVE-2025-61909Oct 16, 2025
    risk 0.00cvss epss 0.00

    Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script (also used during systemctl reload icinga2) and logrotate configuration shipped with Icinga 2 read the PID of the main Icinga 2 process from a PID file…

  • CVE-2025-61908Oct 16, 2025
    risk 0.00cvss epss 0.00

    Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that…

  • CVE-2025-61907Oct 16, 2025
    risk 0.00cvss epss 0.00

    Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to…

  • CVE-2025-48057May 27, 2025
    risk 0.00cvss epss 0.00

    Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate() function can be tricked into incorrectly treating…

  • CVE-2024-49369Nov 12, 2024
    risk 0.00cvss epss 0.03

    Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate…

  • CVE-2021-37698Aug 19, 2021
    risk 0.00cvss epss 0.01

    Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions 2.5.0 through 2.13.0, ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer do not verify the…

  • CVE-2021-32743Jul 15, 2021
    risk 0.00cvss epss 0.02

    Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require…

  • CVE-2021-32739Jul 15, 2021
    risk 0.00cvss epss 0.01

    Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API…

  • CVE-2020-29663Dec 15, 2020
    risk 0.00cvss epss 0.02

    Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.3.

  • CVE-2018-6535HigFeb 27, 2018
    risk 0.00cvss 8.1epss 0.01

    An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker.

  • CVE-2018-6534MedFeb 27, 2018
    risk 0.00cvss 6.5epss 0.01

    An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash.

  • CVE-2018-6533HigFeb 27, 2018
    risk 0.00cvss 7.8epss 0.00

    An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any…

Page 1 of 2