CVE-2019-13049
An integer wrap in kernel/sys/syscall.c in ToaruOS 1.10.10 allows users to map arbitrary kernel pages into userland process space via TOARU_SYS_FUNC_MMAP, leading to escalation of privileges.
Source: CVE-2019-13049
[월:] 2019년 06월
CVE-2019-13048
CVE-2019-13048
kernel/sys/syscall.c in ToaruOS through 1.10.9 allows a denial of service upon a critical error in certain sys_sbrk allocation patterns (involving PAGE_SIZE, and a value less than PAGE_SIZE).
Source: CVE-2019-13048
CVE-2019-13046
CVE-2019-13046
linker/linker.c in ToaruOS through 1.10.9 has insecure LD_LIBRARY_PATH handling in setuid applications.
Source: CVE-2019-13046
CVE-2019-13047
CVE-2019-13047
kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access control in sys_sysfunc case 9 for TOARU_SYS_FUNC_SETHEAP, allowing arbitrary kernel pages to be mapped into user land, leading to root access.
Source: CVE-2019-13047
CVE-2019-13038
CVE-2019-13038
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.
Source: CVE-2019-13038
CVE-2019-13045
CVE-2019-13045
Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server.
Source: CVE-2019-13045
CVE-2019-13044
CVE-2019-13044
An insecure login process was discovered in Panduit IntraVUE before 3.2.0.
Source: CVE-2019-13044
CVE-2019-13035
CVE-2019-13035
Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:PandoraFMS (the current directory) as NT AUTHORITYSYSTEM upon web requests to the portal. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITYSYSTEM.
Source: CVE-2019-13035
CVE-2019-13031
CVE-2019-13031
LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. By default, the notification server is not enabled and has a "deny all" rule.
Source: CVE-2019-13031
CVE-2019-13032
CVE-2019-13032
An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not Sigil) that uses FlightCrew as a library.
Source: CVE-2019-13032