Lucene search
K

10 matches found

Tenable Nessus
Tenable Nessus
added 2023/10/20 12:0 a.m.32 views

Ubuntu 16.04 ESM : Phusion Passenger vulnerabilities (USN-5261-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5261-1 advisory. It was discovered that Phusion Passenger incorrectly handled a file path in the application root folder. An attacker could possibly use this issue to rea...

7CVSS6.8AI score0.00358EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2023/01/27 12:0 a.m.26 views

Ubuntu: Security Advisory (USN-5261-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7CVSS5.8AI score0.00358EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.25 views

SUSE: Security Advisory (SUSE-SU-2018:2039-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7CVSS7AI score0.00276EPSS
Exploits0References2
OSV
OSV
added 2018/07/23 8:43 a.m.5 views

SUSE-SU-2018:2039-1 Security update for rubygem-passenger

This update for rubygem-passenger fixes the following issue: The following security vulnerability was addressed: - CVE-2018-12029: Fixed a file system access race condition in the chown command, which allowed for local privilege escalation and affects the Nginx module bsc1097663...

7CVSS7AI score0.00276EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2018/07/09 12:0 a.m.74 views

Debian: Security Advisory (DLA-1399-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7CVSS5.7AI score0.02364EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/06/28 12:0 a.m.31 views

Debian DLA-1399-1 : ruby-passenger security update

Two flaws were discovered in ruby-passenger for Ruby Rails and Rack support that allowed attackers to spoof HTTP headers or exploit a race condition which made privilege escalation under certain conditions possible. CVE-2015-7519 Remote attackers could spoof headers passed to applications by usin...

7CVSS6.5AI score0.02364EPSS
Exploits0References4
Debian
Debian
added 2018/06/27 7:39 p.m.45 views

[SECURITY] [DLA 1399-1] ruby-passenger security update

Package : ruby-passenger Version : 4.0.53-1+deb8u1 CVE ID : CVE-2015-7519 CVE-2018-12029 Debian Bug : 864651 Two flaws were discovered in ruby-passenger for Ruby Rails and Rack support that allowed attackers to spoof HTTP headers or exploit a race condition which made privilege escalation under...

7CVSS6.4AI score0.02364EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2018/06/19 12:49 a.m.24 views

CVE-2018-12029

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passengerinstanceregistrydir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...

7.8CVSS3.6AI score0.00276EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/06/17 8:0 p.m.41 views

CVE-2018-12029

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passengerinstanceregistrydir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...

5.7AI score0.00276EPSS
Exploits0References4
CVE
CVE
added 2018/06/17 8:0 p.m.92 views

CVE-2018-12029

CVE-2018-12029 describes a race condition in the Phusion Passenger nginx module (3.x–5.x) before 5.3.2. If a non-standard passenger_instance_registry_dir with weak permissions is configured, a race can occur after a file is created but before chown, where replacing the file with a symlink targets...

7CVSS5.5AI score0.00276EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder