How severe is CVE-2018-12029?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2018-12029?

This is classified as CWE-362, which is a common weakness in software security.

CVE-2018-12029

HIGH Year: 2018

CVSS v3 Score

7.0

High

CVSS v2 Score

4.4

Medium

Weakness Type

CWE-362

View all →

Vulnerability Description

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.

CVE-2009-3547

HIGH

CVSS:7.0(High)

Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting ...

CWE-3622009

CVE-2010-1437

HIGH

CVSS:7.0(High)

Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system ...

CWE-3622010

CVE-2010-5159

HIGH

CVSS:7.0(High)

Race condition in Dr.Web Security Space Pro 6.0.0.03100 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler bu...

CWE-3622010

CVE-2010-5169

HIGH

CVSS:7.0(High)

Race condition in Online Armor Premium 4.0.0.35 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not bl...

CWE-3622010

CVE-2010-5181

HIGH

CVSS:7.0(High)

Race condition in VIPRE Antivirus Premium 4.0.3272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not...

CWE-3622010

CVE-2011-0699

HIGH

CVSS:7.0(High)

Integer signedness error in the btrfs_ioctl_space_info function in the Linux kernel 2.6.37 allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified oth...

CWE-3622011

CVE-2018-12029

Vulnerability Description

Related Vulnerabilities

CVE-2009-3547

CVE-2010-1437

CVE-2010-5159

CVE-2010-5169

CVE-2010-5181

CVE-2011-0699