Filtered by vendor Icinga Subscriptions

Search

Switch to Advanced Search (Beta)
Total 47 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-6533 1 Icinga 1 Icinga 2024-11-21 N/A
An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933).
CVE-2018-6532 1 Icinga 1 Icinga 2024-11-21 N/A
An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted (authenticated and unauthenticated) requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer.
CVE-2018-18250 1 Icinga 1 Icinga Web 2 2024-11-21 N/A
Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item.
CVE-2018-18249 1 Icinga 1 Icinga Web 2 2024-11-21 N/A
Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=${PATH}_${APACHE_RUN_DIR}_${APACHE_RUN_USER} parameter to /icingaweb2/navigation/add or /icingaweb2/dashboard/new-dashlet.
CVE-2018-18248 1 Icinga 1 Icinga Web 2 2024-11-21 N/A
Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string.
CVE-2018-18247 1 Icinga 1 Icinga Web 2 2024-11-21 N/A
Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add icon parameter.
CVE-2018-18246 1 Icinga 1 Icinga Web 2 2024-11-21 N/A
Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module.