It was discovered that Kerberos incorrectly handled GSS message tokens
where an unwrapped token could appear to be truncated. An attacker
could possibly use this issue to cause a denial of service.
(CVE-2024-37370)
It was discovered that Kerberos incorrectly handled GSS message tokens
when sent a token with invalid length fields. An attacker could possibly
use this issue to cause a denial of service. (CVE-2024-37371)
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
Multiple cross-site scripting vulnerabilities were discovered in
RoundCube webmail.
A vulnerability was discovered in odoo, a suite of web based open
source business apps. It could result in the execution of arbitrary
code.
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07
KL-001-2024-010: Journyx Unauthenticated XML External Entities Injection
Title: Journyx Unauthenticated XML External Entities Injection
Advisory ID: KL-001-2024-010
Publication Date: 2024.08.07
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-010.txt
1. Vulnerability Details
Affected Vendor: Journyx
Affected Product: Journyx (jtime)
Affected Version: 11.5.4
Platform: GNU/Linux…
Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07
KL-001-2024-009: Journyx Reflected Cross Site Scripting
Title: Journyx Reflected Cross Site Scripting
Advisory ID: KL-001-2024-009
Publication Date: 2024.08.07
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt
1. Vulnerability Details
Affected Vendor: Journyx
Affected Product: Journyx (jtime)
Affected Version: 11.5.4
Platform: GNU/Linux
CWE Classification: CWE-81:…
Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07
KL-001-2024-008: Journyx Authenticated Remote Code Execution
Title: Journyx Authenticated Remote Code Execution
Advisory ID: KL-001-2024-008
Publication Date: 2024.08.07
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-008.txt
1. Vulnerability Details
Affected Vendor: Journyx
Affected Product: Journyx (jtime)
Affected Version: 11.5.4
Platform: GNU/Linux
CWE…
Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07
KL-001-2024-007: Journyx Unauthenticated Password Reset Bruteforce
Title: Journyx Unauthenticated Password Reset Bruteforce
Advisory ID: KL-001-2024-007
Publication Date: 2024.08.07
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt
1. Vulnerability Details
Affected Vendor: Journyx
Affected Product: Journyx (jtime)
Affected Version: 11.5.4
Platform: GNU/Linux
CWE…
Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07
KL-001-2024-006: Open WebUI Arbitrary File Upload + Path Traversal
Title: Open WebUI Arbitrary File Upload + Path Traversal
Advisory ID: KL-001-2024-006
Publication Date: 2024.08.D06
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt
1. Vulnerability Details
Affected Vendor: Open WebUI
Affected Product: Open WebUI
Affected Version: 0.1.105
Platform: Debian 12
CWE…
