Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
passenger vulnerabilities and exploits
(subscribe to this query)
392
VMScore
CVE-2018-12029
A race condition in the nginx module in Phusion Passenger 3.x up to and including 5.x prior to 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink aft...
Phusion Passenger
Debian Debian Linux 8.0
107
VMScore
CVE-2017-16355
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from th...
Phusion Passenger
Debian Debian Linux 9.0
614
VMScore
CVE-2008-1570
Race condition in the create_lockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic link check occurs. NOTE: this is due to an incomplete fix for CVE-2008-1...
Policyd-weight Policyd-weight 0.1.14 Beta-14
294
VMScore
CVE-2008-1569
policyd-weight 0.1.14 beta-16 and previous versions allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket.
Policyd-weight Policyd-weight
187
VMScore
CVE-2019-14409
cPanel prior to 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466).
Cpanel Cpanel
230
VMScore
CVE-2017-14937
The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector). This affects the airbag control units (aka pyrotechnical control units or PCUs) of unspecified passenger vehicles man...
Pcu Pcu 2014
445
VMScore
CVE-2013-4961
Puppet Enterprise prior to 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote malicious users to obtain sensitive information.
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.5.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2