Lucene search
+L

70 matches found

UbuntuCve
UbuntuCve
added 2020/06/12 4:15 p.m.27 views

CVE-2020-14004

An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script run as part of the icinga2 systemd service executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrar...

7.8CVSS7AI score0.00739EPSS
Exploits1References9
OSV
OSV
added 2020/06/12 4:15 p.m.6 views

UBUNTU-CVE-2020-14004

An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script run as part of the icinga2 systemd service executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrar...

7.8CVSS7.2AI score0.00739EPSS
Exploits1References10
Cvelist
Cvelist
added 2020/06/12 3:4 p.m.37 views

CVE-2020-14004

An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script run as part of the icinga2 systemd service executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrar...

7.7AI score0.00739EPSS
Exploits1References6
CVE
CVE
added 2020/06/12 3:4 p.m.167 views

CVE-2020-14004

CVE-2020-14004 affects Icinga2 prior to 2.12.0-rc1. The prepare-dirs script used by icinga2/systemd runs chmod 2750 on /run/icinga2/cmd, which is under an unprivileged user by default. If /run/icinga2/cmd is a symlink, an unprivileged icinga2 user can follow it and change arbitrary files to mode ...

7.8CVSS7.4AI score0.00739EPSS
Exploits1References6Affected Software1
Debian CVE
Debian CVE
added 2020/06/12 3:4 p.m.28 views

CVE-2020-14004

An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script run as part of the icinga2 systemd service executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrar...

7.8CVSS7.2AI score0.00739EPSS
Exploits1
OpenVAS
OpenVAS
added 2018/03/02 12:0 a.m.41 views

Icinga2 < 2.8.2 Multiple Vulnerabilities

Icinga2 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:icinga:icinga2"; if description...

8.1CVSS6.7AI score0.01389EPSS
Exploits1References7
Prion
Prion
added 2018/02/02 9:29 a.m.14 views

Design/Logic Flaw

An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script...

4.9CVSS5.5AI score0.00257EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2018/02/02 9:29 a.m.11 views

CVE-2018-6536

An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script...

5.5CVSS6.5AI score0.00257EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2018/02/02 9:0 a.m.37 views

CVE-2018-6536

An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script...

5.5CVSS5.9AI score0.00257EPSS
Exploits0
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.279 views

Critical security flaws in Nagios NRPE client/server crypto

in CC to: grok full disclosure, bugtraq TL;DR - DO NOT USE NRPE'S SSL IMPLEMENTATION! -- Dear Nagios developers, It's been a couple of years since I've had a look at NRPE, the remote monitoring agent distributed with Nagios. Back then we've exclusively used NRPE on unrouted dedicated monitoring...

7.1AI score
Exploits0
Rows per page
Query Builder