Vulnerabilities (CVE)

Filtered by vendor Modwsgi Subscribe

Filtered by product Mod Wsgi

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2014-0240	1 Modwsgi	1 Mod Wsgi	2017-12-21	6.2 MEDIUM	N/A
The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes.
CVE-2014-8583	1 Modwsgi	1 Mod Wsgi	2017-07-01	6.9 MEDIUM	N/A
mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.