CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

SUSE CVE•added 2023/02/15 4:26 a.m.•1 views

SUSE CVE-2018-12615

An issue was discovered in switchGroup in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups gidset is not set correctly, leaving it up to randomness i.e., uninitialized memory which supplementary groups are actually being set while lowering privileges...

5.3CVSS7AI score0.00198EPSS

Exploits0References3

RubySec•added 2022/05/13 12:0 a.m.•17 views

Phusion Passenger incorrect permission assignment

5.3CVSS3.4AI score0.00198EPSS

Exploits0References1Affected Software1

CNVD•added 2018/06/26 12:0 a.m.•2 views

Unspecified Vulnerability in Phusion Passenger

Phusion Passenger is an Apache module for deploying Ruby on Rails projects on Apache and Nginx web servers from Phusion Netherlands. A security vulnerability exists in the 'switchGroup' function in the agent/ExecHelper/ExecHelperMain.cpp file in Phusion Passenger, which stems from the program...

5.3CVSS5.3AI score0.00198EPSS

Exploits0References1

Veracode•added 2018/06/22 2:35 a.m.•13 views

Privilege Escalation

Phusion Passenger is vulnerable to privilege escalation. The gidset variable that manages group permissions is not set properly, leaving group permissions to be assigned at random due to a uninitialized buffer...

5.3CVSS5.4AI score0.00198EPSS

Exploits0References1Affected Software1