Vulnerabilities > Icinga > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-17 | CVE-2018-18250 | Injection vulnerability in Icinga web 2 Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item. | 7.5 |
| 2018-02-27 | CVE-2018-6535 | Unspecified vulnerability in Icinga An issue was discovered in Icinga 2.x through 2.8.1. | 8.1 |
| 2018-02-27 | CVE-2018-6533 | Unspecified vulnerability in Icinga An issue was discovered in Icinga 2.x through 2.8.1. | 7.8 |
| 2018-02-27 | CVE-2018-6532 | Resource Exhaustion vulnerability in Icinga An issue was discovered in Icinga 2.x through 2.8.1. | 7.5 |
| 2017-11-24 | CVE-2017-16933 | Incorrect Permission Assignment for Critical Resource vulnerability in Icinga etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link. | 7.0 |
| 2017-11-18 | CVE-2017-16882 | Incorrect Permission Assignment for Critical Resource vulnerability in Icinga Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. | 7.8 |