19 matches found

CVE
added 2025/10/16 5:20 p.m. · 10 views

CVE-2025-61909

CVE-2025-61909 affects Icinga 2: from 2.10.0 up to but not including 2.15.1, and also affected 2.14.7 and 2.13.13, the safe-reload script (used during icinga2 reload) and the logrotate config read the main Icinga 2 process PID from a PID file writable by the daemon user, but send signals as root....

CVSS 4.4 · AI score 6.4 · EPSS 0.00027
Exploits 0 · References 4 · Affected Software 1

EUVD
added 2025/10/16 5:20 p.m. · 2 views

EUVD-2025-34791

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script also used during systemctl reload icinga2 and logrotate configuration shipped with Icinga 2 read the PID of the main Icinga 2 process from a PID file writable by the daemon user...

CVSS 4 · AI score 6.3 · EPSS 0.00027
Exploits 0 · References 4

Cvelist
added 2025/10/16 5:20 p.m. · 4 views

CVE-2025-61909 Icinga 2 signals sent as root to processes based on PID file written by the Icinga 2 daemon user

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script also used during systemctl reload icinga2 and logrotate configuration shipped with Icinga 2 read the PID of the main Icinga 2 process from a PID file writable by the daemon user...

CVSS 4 · EPSS 0.00027
Exploits 0 · References 4

OSV
added 2025/10/16 5:20 p.m. · 3 views

CVE-2025-61909 Icinga 2 signals sent as root to processes based on PID file written by the Icinga 2 daemon user

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script also used during systemctl reload icinga2 and logrotate configuration shipped with Icinga 2 read the PID of the main Icinga 2 process from a PID file writable by the daemon user...

CVSS 4 · AI score 6.8 · EPSS 0.00027
Exploits 0 · References 6

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-29313

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.6 · EPSS 0.10775
Exploits 3 · References 1

RedhatCVE
added 2025/05/23 3:25 a.m. · 4 views

CVE-2023-25355

CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the daemon user on a sipXcom server can overwrite a service file, and escalate their privileges to root...

CVSS 8.8 · AI score 7.2 · EPSS 0.10775
Exploits 3 · References 1

Packet Storm
added 2024/05/06 12:0 a.m. · 486 views

Docker Privileged Container Kernel Escape

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Docker Privileged Container Kernel Escape', 'Description' = %q This module performs a container escape onto the host as the daemon user. It takes...

AI score 7.4
Exploits 0

OSV
added 2023/04/04 1:15 p.m. · 0 views

CVE-2023-25355

CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the daemon user on a sipXcom server can overwrite a service file, and escalate their privileges to root...

CVSS 8.8 · AI score 7.3 · EPSS 0.10775
Exploits 3 · References 1

Prion
added 2023/04/04 1:15 p.m. · 15 views

Code injection

CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the daemon user on a sipXcom server can overwrite a service file, and escalate their privileges to root...

CVSS 6.5 · AI score 8.8 · EPSS 0.10775
Exploits 3 · References 1 · Affected Software 1

Cvelist
added 2023/04/04 12:0 a.m. · 15 views

CVE-2023-25355

CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the daemon user on a sipXcom server can overwrite a service file, and escalate their privileges to root...

AI score 9.1 · EPSS 0.10775
Exploits 3 · References 1

CVE
added 2023/04/04 12:0 a.m. · 67 views

CVE-2023-25355

CoreDial sipXcom (sipXopenfire component) up to and including version 21.04 is affected by insecure permissions that allow a user who can run commands as the daemon user to overwrite a service file and escalate to root. The CVE description and multiple sources (NVD, Red Hat, PRION, PT-Security, a...

CVSS 8.8 · AI score 8.8 · EPSS 0.10775
Exploits 3 · References 1 · Affected Software 1

Positive Technologies
added 2023/03/03 12:0 a.m. · 3 views

PT-2023-2277 · Coredial · Sipxcom

Name of the Vulnerable Software and Affected Versions: CoreDial sipXcom versions up to and including 21.04 Description: The issue is related to insecure permissions, allowing a user with the ability to run commands as the daemon user on a sipXcom server to overwrite a service file and escalate...

CVSS 9 · AI score 8.9 · EPSS 0.10775
Exploits 3 · References 7

CNVD
added 2018/02/26 12:0 a.m. · 2 views

Cisco UCS Central Command Execution Vulnerability

Cisco UCS Central Software is a solution from Cisco (United States) for managing and monitoring Cisco UCS (Unified Computing System) server resources globally. An arbitrary command execution vulnerability exists in the runtime scripts in Cisco UCS Central, which stems from the...

CVSS 8.8 · AI score 8 · EPSS 0.01108
Exploits 0 · References 1

OSV
added 2018/02/08 7:29 a.m. · 1 views

CVE-2018-0113

A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by posting...

CVSS 8.8 · AI score 6 · EPSS 0.01108
Exploits 0 · References 3

ATTACKERKB
added 2018/02/08 7:29 a.m. · 2 views

CVE-2018-0113

A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by posting...

CVSS 8.8 · AI score 6.2 · EPSS 0.01108
Exploits 0 · References 4

Cisco
added 2018/02/07 4:0 p.m. · 34 views

Cisco UCS Central Arbitrary Command Execution Vulnerability

A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by posting...

CVSS 8.8 · AI score 1.9 · EPSS 0.01108
Exploits 0 · References 1

Tenable Nessus
added 2014/06/13 12:0 a.m. · 19 views

openSUSE Security Update : colord (openSUSE-2011-57)

Update to version 0.1.15 : + This release fixes an important security bug: CVE-2011-4349. + New Features : - Add a native driver for the Hughski ColorHug hardware - Export cd-math as three projects are now using it + Bugfixes : - Documentation fixes and improvements - Do not crash the daemon if...

CVSS 4.6 · AI score 5.6 · EPSS 0.00109
Exploits 0 · References 2

Cisco
added 2013/09/24 8:20 p.m. · 23 views

Cisco Unified Computing System Fabric Interconnect Devices Arbitrary Command Execution Vulnerability

A vulnerability in the initial setup script of Cisco Unified Computing System fabric interconnect FI devices could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to unfiltered input in the cluster initial...

CVSS 5.1 · AI score 3 · EPSS 0.00514
Exploits 0 · References 1

OpenVAS
added 2008/01/17 12:0 a.m. · 16 views

Debian Security Advisory DSA 102-2 (at)

The remote host is missing an update to at announced via advisory DSA 102-2. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.2 · AI score 6.7 · EPSS 0.00274
Exploits 1 · References 1