Vulnerabilities > Icinga
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-27 | CVE-2018-6534 | NULL Pointer Dereference vulnerability in Icinga An issue was discovered in Icinga 2.x through 2.8.1. | 6.5 |
2018-02-27 | CVE-2018-6533 | Unspecified vulnerability in Icinga An issue was discovered in Icinga 2.x through 2.8.1. | 7.8 |
2018-02-27 | CVE-2018-6532 | Resource Exhaustion vulnerability in Icinga An issue was discovered in Icinga 2.x through 2.8.1. | 7.5 |
2018-02-02 | CVE-2018-6536 | Incorrect Permission Assignment for Critical Resource vulnerability in Icinga An issue was discovered in Icinga 2.x through 2.8.1. | 5.5 |
2017-11-24 | CVE-2017-16933 | Incorrect Permission Assignment for Critical Resource vulnerability in Icinga etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link. | 7.0 |
2017-11-18 | CVE-2017-16882 | Incorrect Permission Assignment for Critical Resource vulnerability in Icinga Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. | 7.8 |
2017-03-27 | CVE-2015-8010 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi. | 6.1 |