Lucene search
+L

787 matches found

osv
osv
added 2025/10/16 5:20 p.m.6 views

CVE-2025-61909 Icinga 2 signals sent as root to processes based on PID file written by the Icinga 2 daemon user

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script also used during systemctl reload icinga2 and logrotate configuration shipped with Icinga 2 read the PID of the main Icinga 2 process from a PID file writable by the daemon user...

4CVSS6.8AI score0.002EPSS
Exploits0References6
debiancve
debiancve
added 2025/10/16 5:20 p.m.5 views

CVE-2025-61909

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script also used during systemctl reload icinga2 and logrotate configuration shipped with Icinga 2 read the PID of the main Icinga 2 process from a PID file writable by the daemon user...

4.4CVSS5.4AI score0.002EPSS
Exploits0
cve
cve
added 2025/10/16 5:16 p.m.28 views

CVE-2025-61908

CVE-2025-61908 – Icinga 2 Denial of Service : Multiple vendor advisories confirm a vulnerability in Icinga 2 where creating an invalid reference (e.g., a reference to null) dereferences a null pointer and triggers a segmentation fault, crashing the daemon when a filter expression is provided via ...

7.1CVSS6.4AI score0.00498EPSS
Exploits0References3Affected Software1
euvd
euvd
added 2025/10/16 5:16 p.m.7 views

EUVD-2025-34793

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a...

7.1CVSS6.3AI score0.00498EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/10/16 5:16 p.m.1 views

CVE-2025-61908 Icinga 2 Denial of Service (DoS) By Dereferencing Invalid Reference

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a...

7.1CVSS6.4AI score0.00498EPSS
Exploits0References3
debiancve
debiancve
added 2025/10/16 5:16 p.m.7 views

CVE-2025-61908

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a...

7.1CVSS5.3AI score0.00498EPSS
Exploits0
osv
osv
added 2025/10/16 5:16 p.m.9 views

CVE-2025-61908 Icinga 2 Denial of Service (DoS) By Dereferencing Invalid Reference

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a...

7.1CVSS6.8AI score0.00498EPSS
Exploits0References5
nvd
nvd
added 2025/10/16 5:15 p.m.8 views

CVE-2025-61789

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...

6.5CVSS0.00338EPSS
Exploits0References2
osv
osv
added 2025/10/16 5:15 p.m.9 views

DEBIAN-CVE-2025-61789

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...

6.5CVSS5.2AI score0.00338EPSS
Exploits0References1
osv
osv
added 2025/10/16 5:15 p.m.8 views

UBUNTU-CVE-2025-61789

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...

6.5CVSS5.8AI score0.00338EPSS
Exploits0References5
debiancve
debiancve
added 2025/10/16 5:11 p.m.15 views

CVE-2025-61907

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...

7.1CVSS5.2AI score0.00373EPSS
Exploits0
cvelist
cvelist
added 2025/10/16 5:11 p.m.12 views

CVE-2025-61907 Icinga 2 API users could access restricted values in filter expressions

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...

7.1CVSS0.00373EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/10/16 5:11 p.m.3 views

CVE-2025-61907 Icinga 2 API users could access restricted values in filter expressions

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...

7.1CVSS5.9AI score0.00373EPSS
Exploits0References2
euvd
euvd
added 2025/10/16 5:11 p.m.6 views

EUVD-2025-34794

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...

7.1CVSS5.8AI score0.00373EPSS
Exploits0References2
cve
cve
added 2025/10/16 5:11 p.m.31 views

CVE-2025-61907

CVE-2025-61907 affects Icinga 2. Versions 2.4–2.15.0 allow authenticated API users to exploit filter expressions on /v1/objects endpoints to access variables and objects that should be restricted by permissions. The root cause is improper exposure of hidden data through filter evaluation, enablin...

7.1CVSS5.9AI score0.00373EPSS
Exploits0References2Affected Software1
osv
osv
added 2025/10/16 5:11 p.m.5 views

CVE-2025-61907 Icinga 2 API users could access restricted values in filter expressions

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...

7.1CVSS6.4AI score0.00373EPSS
Exploits0References4
euvd
euvd
added 2025/10/16 5:0 p.m.6 views

EUVD-2025-34795

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...

5.3CVSS6.2AI score0.00338EPSS
Exploits0References2
cvelist
cvelist
added 2025/10/16 5:0 p.m.12 views

CVE-2025-61789 Icinga DB Web hidden/protected custom variables are prone to filter enumeration

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...

5.3CVSS0.00338EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/10/16 5:0 p.m.1 views

CVE-2025-61789 Icinga DB Web hidden/protected custom variables are prone to filter enumeration

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...

5.3CVSS6.4AI score0.00338EPSS
Exploits0References2
debiancve
debiancve
added 2025/10/16 5:0 p.m.7 views

CVE-2025-61789

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...

6.5CVSS5.2AI score0.00338EPSS
Exploits0
Rows per page
Query Builder