Vulnerabilities > Icinga

DATE CVE VULNERABILITY TITLE RISK
2018-02-27 CVE-2018-6534 NULL Pointer Dereference vulnerability in Icinga
An issue was discovered in Icinga 2.x through 2.8.1.
network
low complexity
icinga CWE-476
6.5
2018-02-27 CVE-2018-6533 Unspecified vulnerability in Icinga
An issue was discovered in Icinga 2.x through 2.8.1.
local
low complexity
icinga
7.8
2018-02-27 CVE-2018-6532 Resource Exhaustion vulnerability in Icinga
An issue was discovered in Icinga 2.x through 2.8.1.
network
low complexity
icinga CWE-400
7.5
2018-02-02 CVE-2018-6536 Incorrect Permission Assignment for Critical Resource vulnerability in Icinga
An issue was discovered in Icinga 2.x through 2.8.1.
local
low complexity
icinga CWE-732
5.5
2017-11-24 CVE-2017-16933 Incorrect Permission Assignment for Critical Resource vulnerability in Icinga
etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.
local
high complexity
icinga CWE-732
7.0
2017-11-18 CVE-2017-16882 Incorrect Permission Assignment for Critical Resource vulnerability in Icinga
Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312.
local
low complexity
icinga CWE-732
7.8
2017-03-27 CVE-2015-8010 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.
network
low complexity
icinga opensuse-project opensuse CWE-79
6.1