CVE-2025-61909 Icinga 2 signals sent as root to processes based on PID file written by the Icinga 2 daemon user

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script also used during systemctl reload icinga2 and logrotate configuration shipped with Icinga 2 read the PID of the main Icinga 2 process from a PID file writable by the daemon user...

CVE-2025-61907 Icinga 2 API users could access restricted values in filter expressions

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...

CVE-2025-61907 Icinga 2 API users could access restricted values in filter expressions

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...

CVE-2025-61789

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...

EUVD-2021-24193

Malware in sbrugna...

EUVD-2021-19515

Malware in sbrugna...

EUVD-2021-19513

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2021-37698

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In...

CVE-2025-53840

Icinga DB Web provides a graphical interface for Icinga monitoring. Starting in version 1.2.0 and prior to version 1.2.2, users with access to Icinga Dependency Views, are allowed to see hosts and services that they weren't meant to on the dependency map. However, the name of an object will not b...

CVE-2021-32743

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for extern...

CVE-2021-37698

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions 2.5.0 through 2.13.0, ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer do not verify the server's certificate...

CVE-2024-49369

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted clust...

[SECURITY] [DLA 3953-1] icinga2 security update

Debian LTS Advisory DLA-3953-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert November 16, 2024 https://wiki.debian.org/LTS Package : icinga2 Version : 2.12.3-1+deb11u1 CVE ID : CVE-2021-32739 CVE-2021-32743 CVE-2021-37698 CVE-2024-49369 Debian Bug : 991494 108738...

The vulnerability of the Icinga network availability monitoring system, related to insecure management of privileges, allows a hacker to gain access to confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of the Icinga network availability monitoring system is related to insecure management of privileges. Exploiting this vulnerability allows a malicious actor to gain access to confidential data, compromise its integrity, and cause service failures...

Design/Logic Flaw

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for extern...

CVE-2021-32743

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for extern...

Debian Security Advisory DSA 2653-1 (icinga - buffer overflow)

It was discovered that Icinga, a host and network monitoring system, contains several buffer overflows in the history.cgi CGI program. OpenVAS Vulnerability Test $Id: deb2653.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2653-1 using nvtgen 1.0 Script version: 1.0...