SUSE CVE-2018-6535

An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker...

CVE-2018-6535

An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker...

CVE-2018-6533

An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code a larger...

CVE-2018-6534

An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash...

Default credentials

An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker...

Code injection

An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted authenticated and unauthenticated requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer...

CVE-2018-6532

An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted authenticated and unauthenticated requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer...

CVE-2018-6532

An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted authenticated and unauthenticated requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer...

CVE-2018-6535

An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker...

CVE-2018-6535

An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker...

CVE-2018-6533

An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code a larger...

CVE-2018-6534

An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash...

CVE-2018-6532

An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted authenticated and unauthenticated requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer...

CVE-2018-6535

An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker...

CVE-2018-6536

An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script...

Design/Logic Flaw

An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script...

CVE-2018-6536

An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script...

CVE-2018-6536

An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script...

CVE-2017-16933

etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2USER account for creation of a link...

Design/Logic Flaw

etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2USER account for creation of a link...