Lucene search
K

111 matches found

BDU FSTEC
BDU FSTEC
added 2019/04/25 12:0 a.m.4 views

The vulnerability of the nginx web server module in Phusion Passenger, related to the simultaneous use of shared resources and synchronization errors, allows attackers to gain access to confidential data.

The vulnerability of the nginx web server module in Phusion Passenger is related to the simultaneous use of a shared resource and synchronization errors when the passengerinstanceregistrydir configuration is not set strictly enough. Exploiting this vulnerability can allow an attacker to gain acce...

7CVSS7.1AI score0.00276EPSS
Exploits0References5Affected Software2
RedHat Linux
RedHat Linux
added 2018/11/27 9:4 a.m.6 views

nginx: Excessive CPU usage via flaw in HTTP/2 implementation

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngxhttpv2module not compiled by default if the 'http2' option of the 'listen' directive is used in a configuration file...

7.8CVSS7.4AI score0.124EPSS
Exploits0References5
OSV
OSV
added 2018/07/23 8:43 a.m.5 views

SUSE-SU-2018:2039-1 Security update for rubygem-passenger

This update for rubygem-passenger fixes the following issue: The following security vulnerability was addressed: - CVE-2018-12029: Fixed a file system access race condition in the chown command, which allowed for local privilege escalation and affects the Nginx module bsc1097663...

7CVSS7AI score0.00276EPSS
Exploits0References3
CNVD
CNVD
added 2018/07/03 12:0 a.m.4 views

Phusion Passenger nginx module elevation of privilege vulnerability

Phusion Passenger is an Apache module from the Dutch company Phusion for deploying Ruby on Rails projects on Apache and Nginx web servers. nginx module is one of the Nginx server modules. A security vulnerability in the nginx module in Phusion Passenger versions 5.3.2 through 3.x excluding versio...

7CVSS6.9AI score0.00276EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2018/06/17 8:29 p.m.23 views

CVE-2018-12029

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passengerinstanceregistrydir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...

7CVSS7AI score0.00276EPSS
Exploits0References5
OSV
OSV
added 2018/06/17 8:29 p.m.2 views

DEBIAN-CVE-2018-12029

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passengerinstanceregistrydir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...

7CVSS6.7AI score0.00276EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2018/06/17 8:0 p.m.34 views

CVE-2018-12029

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passengerinstanceregistrydir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...

7CVSS7.1AI score0.00276EPSS
Exploits0
Cvelist
Cvelist
added 2018/06/17 8:0 p.m.40 views

CVE-2018-12029

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passengerinstanceregistrydir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...

5.7AI score0.00276EPSS
Exploits0References4
OSV
OSV
added 2017/04/18 8:59 p.m.4 views

UBUNTU-CVE-2016-10345

In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user...

7.8CVSS5.8AI score0.00464EPSS
Exploits0References4
OSV
OSV
added 2017/04/18 8:59 p.m.3 views

DEBIAN-CVE-2016-10345

In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user...

7.8CVSS7.4AI score0.00464EPSS
Exploits0References1
OSV
OSV
added 2012/04/17 9:55 p.m.1 views

DEBIAN-CVE-2012-2089

Buffer overflow in ngxhttpmp4module.c in the ngxhttpmp4module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service memory overwrite or possibly execute arbitrary code via a crafted MP4 file...

6.8CVSS8.1AI score0.09629EPSS
Exploits1References1
Rows per page
Query Builder