Lucene search
K

787 matches found

CVE
CVE
added 2026/01/29 5:35 p.m.21 views

CVE-2026-24414

The CVE-2026-24414 entry concerns the Icinga PowerShell Framework: prior to versions 1.13.4, 1.12.4, and 1.11.2, the certificate directory permissions grant read access to all users, exposing the host’s Icinga private key. A fix exists in those specific patch versions, and upgrading Icinga for Wi...

6.8CVSS5.9AI score0.00097EPSS
Exploits2References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/29 5:21 p.m.9 views

CVE-2026-24413

Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%\icinga2\var folder on Windows. This resulted in the its contents - including the private key of the...

6.8CVSS5.9AI score0.00068EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/01/29 5:21 p.m.6 views

CVE-2026-24413 Icinga has insecure permission of %ProgramData%\icinga2\var on Windows

Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%\icinga2\var folder on Windows. This resulted in the its contents - including the private key of the...

6.8CVSS5.9AI score0.00068EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/01/29 5:21 p.m.6 views

CVE-2026-24413

Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%\icinga2\var folder on Windows. This resulted in the its contents - including the private key of the...

6.8CVSS5.3AI score0.00068EPSS
Exploits0
Cvelist
Cvelist
added 2026/01/29 5:21 p.m.36 views

CVE-2026-24413 Icinga has insecure permission of %ProgramData%\icinga2\var on Windows

Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%\icinga2\var folder on Windows. This resulted in the its contents - including the private key of the...

6.8CVSS0.00068EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/29 5:21 p.m.7 views

EUVD-2026-4959

Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%\icinga2\var folder on Windows. This resulted in the its contents - including the private key of the...

6.8CVSS5.9AI score0.00068EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.10 views

PT-2026-5318

The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration and monitoring of Windows environments. In versions prior to 1.13.4, 1.12.4, and 1.11.2, permissions of the Icinga for Windows certificate directory grant every user read access, which results in...

6.8CVSS5.9AI score0.00097EPSS
Exploits2References4
CNNVD
CNNVD
added 2026/01/29 12:0 a.m.5 views

Icinga PowerShell Framework security vulnerabilities

Icinga PowerShell Framework is an open-source PowerShell module developed by Icinga. Versions prior to 1.13.4, 1.12.4, and 1.11.2 of the Icinga PowerShell Framework have security vulnerabilities. These vulnerabilities stem from improper permission settings for the certificate directory, which may...

6.8CVSS5.8AI score0.00097EPSS
Exploits2References5
CNNVD
CNNVD
added 2026/01/29 12:0 a.m.5 views

Icinga 2 security vulnerabilities

Icinga 2 is an open-source monitoring system developed by Icinga. Versions of Icinga 2 prior to 2.13.14, 2.14.8, and 2.15.2 contained security vulnerabilities. These vulnerabilities were caused by improper Windows folder permission settings, which could allow all local users to access private key...

6.8CVSS5.8AI score0.00068EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.8 views

PT-2026-5317

Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%icinga2var folder on Windows. This resulted in the its contents - including the private key of the...

6.8CVSS5.9AI score0.00068EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 9:18 a.m.17 views

CVE-2025-23203

Icinga Director is an Icinga config deployment tool. A Security vulnerability has been found starting in version 1.0.0 and prior to 1.10.4 and 1.11.4 on several director endpoints of REST API. To reproduce this vulnerability an authenticated user with permission to access the Director is required...

5.5CVSS5.5AI score0.0037EPSS
Exploits0References1
OPENSUSE Linux
OPENSUSE Linux
added 2025/12/18 12:0 a.m.8 views

Security update for icinga-php-library, icingaweb2 (moderate)

openSUSE Security Update: Security update for icinga-php-library, icingaweb2 Announcement ID: openSUSE-SU-2025:0473-1 Rating: moderate References: Cross-References: CVE-2025-27404 CVE-2025-27405 CVE-2025-27609 CVE-2025-30164 CVSS scores: CVE-2025-27404 SUSE: 7.6...

7.6CVSS5.8AI score0.00561EPSS
Exploits0
OPENSUSE Linux
OPENSUSE Linux
added 2025/12/03 12:0 a.m.8 views

Security update for icinga2 (important)

openSUSE Security Update: Security update for icinga2 Announcement ID: openSUSE-SU-2025:0457-1 Rating: important References: 1084909 1233310 Cross-References: CVE-2024-49369 CVSS scores: CVE-2024-49369 SUSE: 10 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H Affected Products:...

10CVSS7.2AI score0.02934EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/10/21 12:0 a.m.3 views

FreeBSD : Hidden/Protected custom variables are prone to filter enumeration (4553e4b3-addf-11f0-9b8d-40a6b7c3b3b8)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4553e4b3-addf-11f0-9b8d-40a6b7c3b3b8 advisory. Icinga reports: An authorized user with access to Icinga DB Web, can use a custom variable in a filter...

6.5CVSS5.6AI score0.00331EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/10/17 11:22 p.m.1 views

SUSE CVE-2025-61907

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...

6.5CVSS6.4AI score0.00365EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/10/17 11:22 p.m.3 views

SUSE CVE-2025-61908

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a...

6.5CVSS6.8AI score0.00487EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/10/17 11:22 p.m.1 views

SUSE CVE-2025-61909

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script also used during systemctl reload icinga2 and logrotate configuration shipped with Icinga 2 read the PID of the main Icinga 2 process from a PID file writable by the daemon user...

6CVSS6.8AI score0.00196EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/17 5:39 p.m.3 views

CVE-2025-61907

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...

7.1CVSS6.3AI score0.00365EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/17 5:39 p.m.3 views

CVE-2025-61789

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...

5.3CVSS6.8AI score0.00331EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/17 5:39 p.m.3 views

CVE-2025-61908

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a...

7.1CVSS6.7AI score0.00487EPSS
Exploits0References1
Rows per page
Query Builder