9 matches found
EUVD-2022-2266
Malicious code in bioql PyPI...
Phusion Passenger incorrect permission assignment
An issue was discovered in switchGroup in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups gidset is not set correctly, leaving it up to randomness i.e., uninitialized memory which supplementary groups are actually being set while lowering privileges...
Unspecified Vulnerability in Phusion Passenger
Phusion Passenger is an Apache module for deploying Ruby on Rails projects on Apache and Nginx web servers from Phusion Netherlands. A security vulnerability exists in the 'switchGroup' function in the agent/ExecHelper/ExecHelperMain.cpp file in Phusion Passenger, which stems from the program...
CVE-2018-12615
An issue was discovered in switchGroup in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups gidset is not set correctly, leaving it up to randomness i.e., uninitialized memory which supplementary groups are actually being set while lowering privileges...
CVE-2018-12615
An issue was discovered in switchGroup in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups gidset is not set correctly, leaving it up to randomness i.e., uninitialized memory which supplementary groups are actually being set while lowering privileges...
CVE-2018-12615
An issue was discovered in switchGroup in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups gidset is not set correctly, leaving it up to randomness i.e., uninitialized memory which supplementary groups are actually being set while lowering privileges...
CVE-2018-12615
An issue was discovered in switchGroup in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups gidset is not set correctly, leaving it up to randomness i.e., uninitialized memory which supplementary groups are actually being set while lowering privileges...
CVE-2018-12615
An issue was discovered in switchGroup in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups gidset is not set correctly, leaving it up to randomness i.e., uninitialized memory which supplementary groups are actually being set while lowering privileges...
CVE-2018-12615
Phusion Passenger (before 5.3.2) is affected by CVE-2018-12615. The issue is in switchGroup() (agent/ExecHelper/ExecHelperMain.cpp): the gidset controlling supplementary groups is not set correctly, leaving it up to randomness (uninitialized memory) to determine which groups are actually applied ...