Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
passenger vulnerabilities and exploits
(subscribe to this query)
7
CVSSv3
CVE-2018-12029
A race condition in the nginx module in Phusion Passenger 3.x up to and including 5.x prior to 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink aft...
Phusion Passenger
Debian Debian Linux 8.0
7.5
CVSSv3
CVE-2012-6135
RubyGems passenger 4.0.0 betas 1 and 2 allows remote malicious users to delete arbitrary files during the startup process.
Phusion Passenger 4.0.0
Redhat Openshift 1.0
NA
CVE-2008-1570
Race condition in the create_lockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic link check occurs. NOTE: this is due to an incomplete fix for CVE-2008-1...
Policyd-weight Policyd-weight 0.1.14 Beta-14
NA
CVE-2008-1569
policyd-weight 0.1.14 beta-16 and previous versions allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket.
Policyd-weight Policyd-weight
5.5
CVSSv3
CVE-2019-14409
cPanel prior to 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466).
Cpanel Cpanel
4.7
CVSSv3
CVE-2017-14937
The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector). This affects the airbag control units (aka pyrotechnical control units or PCUs) of unspecified passenger vehicles man...
Pcu Pcu 2014
NA
CVE-2013-4961
Puppet Enterprise prior to 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote malicious users to obtain sensitive information.
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.5.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2