787 matches found
CVE-2026-24414
The CVE-2026-24414 entry concerns the Icinga PowerShell Framework: prior to versions 1.13.4, 1.12.4, and 1.11.2, the certificate directory permissions grant read access to all users, exposing the host’s Icinga private key. A fix exists in those specific patch versions, and upgrading Icinga for Wi...
CVE-2026-24413
Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%\icinga2\var folder on Windows. This resulted in the its contents - including the private key of the...
CVE-2026-24413 Icinga has insecure permission of %ProgramData%\icinga2\var on Windows
Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%\icinga2\var folder on Windows. This resulted in the its contents - including the private key of the...
CVE-2026-24413
Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%\icinga2\var folder on Windows. This resulted in the its contents - including the private key of the...
CVE-2026-24413 Icinga has insecure permission of %ProgramData%\icinga2\var on Windows
Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%\icinga2\var folder on Windows. This resulted in the its contents - including the private key of the...
EUVD-2026-4959
Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%\icinga2\var folder on Windows. This resulted in the its contents - including the private key of the...
PT-2026-5318
The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration and monitoring of Windows environments. In versions prior to 1.13.4, 1.12.4, and 1.11.2, permissions of the Icinga for Windows certificate directory grant every user read access, which results in...
Icinga PowerShell Framework security vulnerabilities
Icinga PowerShell Framework is an open-source PowerShell module developed by Icinga. Versions prior to 1.13.4, 1.12.4, and 1.11.2 of the Icinga PowerShell Framework have security vulnerabilities. These vulnerabilities stem from improper permission settings for the certificate directory, which may...
Icinga 2 security vulnerabilities
Icinga 2 is an open-source monitoring system developed by Icinga. Versions of Icinga 2 prior to 2.13.14, 2.14.8, and 2.15.2 contained security vulnerabilities. These vulnerabilities were caused by improper Windows folder permission settings, which could allow all local users to access private key...
PT-2026-5317
Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%icinga2var folder on Windows. This resulted in the its contents - including the private key of the...
CVE-2025-23203
Icinga Director is an Icinga config deployment tool. A Security vulnerability has been found starting in version 1.0.0 and prior to 1.10.4 and 1.11.4 on several director endpoints of REST API. To reproduce this vulnerability an authenticated user with permission to access the Director is required...
Security update for icinga-php-library, icingaweb2 (moderate)
openSUSE Security Update: Security update for icinga-php-library, icingaweb2 Announcement ID: openSUSE-SU-2025:0473-1 Rating: moderate References: Cross-References: CVE-2025-27404 CVE-2025-27405 CVE-2025-27609 CVE-2025-30164 CVSS scores: CVE-2025-27404 SUSE: 7.6...
Security update for icinga2 (important)
openSUSE Security Update: Security update for icinga2 Announcement ID: openSUSE-SU-2025:0457-1 Rating: important References: 1084909 1233310 Cross-References: CVE-2024-49369 CVSS scores: CVE-2024-49369 SUSE: 10 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H Affected Products:...
FreeBSD : Hidden/Protected custom variables are prone to filter enumeration (4553e4b3-addf-11f0-9b8d-40a6b7c3b3b8)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4553e4b3-addf-11f0-9b8d-40a6b7c3b3b8 advisory. Icinga reports: An authorized user with access to Icinga DB Web, can use a custom variable in a filter...
SUSE CVE-2025-61907
Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...
SUSE CVE-2025-61908
Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a...
SUSE CVE-2025-61909
Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script also used during systemctl reload icinga2 and logrotate configuration shipped with Icinga 2 read the PID of the main Icinga 2 process from a PID file writable by the daemon user...
CVE-2025-61907
Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...
CVE-2025-61789
Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...
CVE-2025-61908
Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a...