
CVE-2014-1832
https://notcve.org/view.php?id=CVE-2014-1832
19 Feb 2015 — Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831. • http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html

CVE-2013-2119 – rubygem-passenger: incorrect temporary file usage
https://notcve.org/view.php?id=CVE-2013-2119
05 Aug 2013 — Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem. • http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released • CWE-264: Permissions, Privileges, and Access Controls • CWE-377: Insecure Temporary File

CVE-2013-4136 – rubygem-passenger: insecure temporary directory usage due to reuse of existing server instance directories
https://notcve.org/view.php?id=CVE-2013-4136
05 Aug 2013 — ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/. • http://rhn.redhat.com/errata/RHSA-2013-1136.html • CWE-59: Improper Link Resolution Before File Access ('Link Following')