Multiple cross-site scripting vulnerabilities were discovered in
RoundCube webmail.
Category Archives: Advisories
DSA-5742-1 odoo – security update
A vulnerability was discovered in odoo, a suite of web-based open
source business apps. It could result in the execution of arbitrary
code.
DSA-5744-1 thunderbird – security update
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
KL-001-2024-010: Journyx Unauthenticated XML External Entities Injection
Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07
Title: Journyx Unauthenticated XML External Entities Injection
Advisory ID: KL-001-2024-010
Publication Date: 2024.08.07
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-010.txt
1. Vulnerability Details
Affected Vendor: Journyx
Affected Product: Journyx (jtime)
Affected Version: 11.5.4
Platform: GNU/Linux…
KL-001-2024-009: Journyx Reflected Cross Site Scripting
Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07
Title: Journyx Reflected Cross Site Scripting
Advisory ID: KL-001-2024-009
Publication Date: 2024.08.07
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt
1. Vulnerability Details
Affected Vendor: Journyx
Affected Product: Journyx (jtime)
Affected Version: 11.5.4
Platform: GNU/Linux
CWE Classification: CWE-81:…
KL-001-2024-008: Journyx Authenticated Remote Code Execution
Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07
Title: Journyx Authenticated Remote Code Execution
Advisory ID: KL-001-2024-008
Publication Date: 2024.08.07
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-008.txt
1. Vulnerability Details
Affected Vendor: Journyx
Affected Product: Journyx (jtime)
Affected Version: 11.5.4
Platform: GNU/Linux
CWE…
KL-001-2024-007: Journyx Unauthenticated Password Reset Bruteforce
Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07
Title: Journyx Unauthenticated Password Reset Bruteforce
Advisory ID: KL-001-2024-007
Publication Date: 2024.08.07
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt
1. Vulnerability Details
Affected Vendor: Journyx
Affected Product: Journyx (jtime)
Affected Version: 11.5.4
Platform: GNU/Linux
CWE…
KL-001-2024-006: Open WebUI Arbitrary File Upload + Path Traversal
Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07
Title: Open WebUI Arbitrary File Upload + Path Traversal
Advisory ID: KL-001-2024-006
Publication Date: 2024.08.06
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt
1. Vulnerability Details
Affected Vendor: Open WebUI
Affected Product: Open WebUI
Affected Version: 0.1.105
Platform: Debian 12
CWE…
KL-001-2024-005: Open WebUI Stored Cross-Site Scripting
Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07
Title: Open WebUI Stored Cross-Site Scripting
Advisory ID: KL-001-2024-005
Publication Date: 2024.08.06
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-005.txt
1. Vulnerability Details
Affected Vendor: Open WebUI
Affected Product: Open WebUI
Affected Version: 0.1.105
Platform: Debian 12
CWE Classification: CWE-79:…
chromium-127.0.6533.99-1.fc40
FEDORA-2024-0462a59d45
Packages in this update:
chromium-127.0.6533.99-1.fc40
Update description:
Update to 127.0.6533.99
* Critical CVE-2024-7532: Out of bounds memory access in ANGLE
* High CVE-2024-7533: Use after free in Sharing
* High CVE-2024-7550: Type Confusion in V8
* High CVE-2024-7534: Heap buffer overflow in Layout
* High CVE-2024-7535: Inappropriate implementation in V8
* High CVE-2024-7536: Use after free in WebAudio