Monthly Archive: June 2019

njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place. Date published : 2019-06-29 https://github.com/nginx/njs/issues/183

Certain Logitech Unifying devices allow attackers to dump AES keys and addresses, leading to the capability of live decryption of Radio Frequency transmissions, as demonstrated by an attack against a Logitech K360 keyboard. Date...

The Logitech R500 presentation clicker allows attackers to determine the AES key, leading to keystroke injection. On Windows, any text may be injected by using ALT+NUMPAD input to bypass the restriction on the characters...

Logitech Unifying devices allow keystroke injection, bypassing encryption. The attacker must press a "magic" key combination while sniffing cryptographic data from a Radio Frequency transmission. NOTE: this issue exists because of an incomplete fix...

Logitech Unifying devices allow live decryption if the pairing of a keyboard to a receiver is sniffed. Date published : 2019-06-29

Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver...

An integer wrap in kernel/sys/syscall.c in ToaruOS 1.10.10 allows users to map arbitrary kernel pages into userland process space via TOARU_SYS_FUNC_MMAP, leading to escalation of privileges. Date published : 2019-06-29 https://github.com/mehsauce/kowasuos/blob/master/exploits/kowasu-sysfunc-revenge.c

kernel/sys/syscall.c in ToaruOS through 1.10.9 allows a denial of service upon a critical error in certain sys_sbrk allocation patterns (involving PAGE_SIZE, and a value less than PAGE_SIZE). Date published : 2019-06-29 https://github.com/mehsauce/kowasuos/blob/master/dos/kowasu-sbrk.c

kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access control in sys_sysfunc case 9 for TOARU_SYS_FUNC_SETHEAP, allowing arbitrary kernel pages to be mapped into user land, leading to root access. Date published : 2019-06-29 https://github.com/mehsauce/kowasuos/blob/master/exploits/kowasu-sysfunc.c

linker/linker.c in ToaruOS through 1.10.9 has insecure LD_LIBRARY_PATH handling in setuid applications. Date published : 2019-06-29 https://github.com/mehsauce/kowasuos/blob/master/exploits/kowasu-linker.sh

Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server. Date published : 2019-06-29 http://www.securityfocus.com/bid/108998 https://seclists.org/bugtraq/2019/Jun/41

mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. Date published : 2019-06-29 https://lists.fedoraproject.org/archives/list/[email protected]/message/XU5GVFZW3C2M4ZBL4F7UP7N24FNUCX4E/ https://lists.fedoraproject.org/archives/list/[email protected]/message/A5E3JVHURJJNDP63CKVX5O5MJAGCQV4K/

Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will...

The admin interface of the Grouptime Teamwire Client 1.5.1 prior to 1.9.0 on-premises messenger server allows stored XSS. All backend versions prior to prod-2018-11-13-15-00-42 are affected. Date published : 2019-06-28 Web vulnerabilities are coming...