Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07

KL-001-2024-009: Journyx Reflected Cross Site Scripting

Title: Journyx Reflected Cross Site Scripting
Advisory ID: KL-001-2024-009
Publication Date: 2024.08.07
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt

1. Vulnerability Details

     Affected Vendor: Journyx
     Affected Product: Journyx (jtime)
     Affected Version: 11.5.4
     Platform: GNU/Linux
     CWE Classification: CWE-81:…

Read More

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07

KL-001-2024-008: Journyx Authenticated Remote Code Execution

Title: Journyx Authenticated Remote Code Execution
Advisory ID: KL-001-2024-008
Publication Date: 2024.08.07
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-008.txt

1. Vulnerability Details

     Affected Vendor: Journyx
     Affected Product: Journyx (jtime)
     Affected Version: 11.5.4
     Platform: GNU/Linux
     CWE…

Read More

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07

KL-001-2024-007: Journyx Unauthenticated Password Reset Bruteforce

Title: Journyx Unauthenticated Password Reset Bruteforce
Advisory ID: KL-001-2024-007
Publication Date: 2024.08.07
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt

1. Vulnerability Details

     Affected Vendor: Journyx
     Affected Product: Journyx (jtime)
     Affected Version: 11.5.4
     Platform: GNU/Linux
     CWE…

Read More

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07

KL-001-2024-006: Open WebUI Arbitrary File Upload + Path Traversal

Title: Open WebUI Arbitrary File Upload + Path Traversal
Advisory ID: KL-001-2024-006
Publication Date: 2024.08.D06
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt

1. Vulnerability Details

     Affected Vendor: Open WebUI
     Affected Product: Open WebUI
     Affected Version: 0.1.105
     Platform: Debian 12
     CWE…

Read More

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07

KL-001-2024-005: Open WebUI Stored Cross-Site Scripting

Title: Open WebUI Stored Cross-Site Scripting
Advisory ID: KL-001-2024-005
Publication Date: 2024.08.06
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-005.txt

1. Vulnerability Details

     Affected Vendor: Open WebUI
     Affected Product: Open WebUI
     Affected Version: 0.1.105
     Platform: Debian 12
     CWE Classification: CWE-79:…

Read More

FEDORA-2024-0462a59d45

Packages in this update:

chromium-127.0.6533.99-1.fc40

Update description:

Update to 127.0.6533.99

* Critical CVE-2024-7532: Out of bounds memory access in ANGLE
* High CVE-2024-7533: Use after free in Sharing
* High CVE-2024-7550: Type Confusion in V8
* High CVE-2024-7534: Heap buffer overflow in Layout
* High CVE-2024-7535: Inappropriate implementation in V8
* High CVE-2024-7536: Use after free in WebAudio

Read More

FEDORA-EPEL-2024-eb5d8834c8

Packages in this update:

chromium-127.0.6533.99-1.el9

Update description:

Update to 127.0.6533.99

* Critical CVE-2024-7532: Out of bounds memory access in ANGLE
* High CVE-2024-7533: Use after free in Sharing
* High CVE-2024-7550: Type Confusion in V8
* High CVE-2024-7534: Heap buffer overflow in Layout
* High CVE-2024-7535: Inappropriate implementation in V8
* High CVE-2024-7536: Use after free in WebAudio

Read More

FEDORA-EPEL-2024-43f7d896ee

Packages in this update:

chromium-127.0.6533.99-1.el8

Update description:

Update to 127.0.6533.99

* Critical CVE-2024-7532: Out of bounds memory access in ANGLE
* High CVE-2024-7533: Use after free in Sharing
* High CVE-2024-7550: Type Confusion in V8
* High CVE-2024-7534: Heap buffer overflow in Layout
* High CVE-2024-7535: Inappropriate implementation in V8
* High CVE-2024-7536: Use after free in WebAudio

Read More

FEDORA-2024-b60f51180f

Packages in this update:

chromium-127.0.6533.99-1.fc39

Update description:

Update to 127.0.6533.99

* Critical CVE-2024-7532: Out of bounds memory access in ANGLE
* High CVE-2024-7533: Use after free in Sharing
* High CVE-2024-7550: Type Confusion in V8
* High CVE-2024-7534: Heap buffer overflow in Layout
* High CVE-2024-7535: Inappropriate implementation in V8
* High CVE-2024-7536: Use after free in WebAudio

Read More