| Max CVSS | 7.5 | Min CVSS | 4.4 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-12028 | 6.8 |
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager
|
03-10-2019 - 00:03 | 17-06-2018 - 20:29 | |
| CVE-2018-12027 | 6.5 |
An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain
|
03-10-2019 - 00:03 | 17-06-2018 - 20:29 | |
| CVE-2018-12026 | 7.5 |
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could
|
08-03-2019 - 14:17 | 17-06-2018 - 20:29 | |
| CVE-2018-12029 | 4.4 |
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file wi
|
08-03-2019 - 14:12 | 17-06-2018 - 20:29 |