Category Archives: Advisories

KL-001-2024-007: Journyx Unauthenticated Password Reset Bruteforce

Read Time:20 Second

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07

KL-001-2024-007: Journyx Unauthenticated Password Reset Bruteforce

Title: Journyx Unauthenticated Password Reset Bruteforce
Advisory ID: KL-001-2024-007
Publication Date: 2024.08.07
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt

1. Vulnerability Details

     Affected Vendor: Journyx
     Affected Product: Journyx (jtime)
     Affected Version: 11.5.4
     Platform: GNU/Linux
     CWE…

Read More

KL-001-2024-006: Open WebUI Arbitrary File Upload + Path Traversal

Read Time:21 Second

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07

KL-001-2024-006: Open WebUI Arbitrary File Upload + Path Traversal

Title: Open WebUI Arbitrary File Upload + Path Traversal
Advisory ID: KL-001-2024-006
Publication Date: 2024.08.D06
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt

1. Vulnerability Details

     Affected Vendor: Open WebUI
     Affected Product: Open WebUI
     Affected Version: 0.1.105
     Platform: Debian 12
     CWE…

Read More

KL-001-2024-005: Open WebUI Stored Cross-Site Scripting

Read Time:22 Second

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07

KL-001-2024-005: Open WebUI Stored Cross-Site Scripting

Title: Open WebUI Stored Cross-Site Scripting
Advisory ID: KL-001-2024-005
Publication Date: 2024.08.06
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-005.txt

1. Vulnerability Details

     Affected Vendor: Open WebUI
     Affected Product: Open WebUI
     Affected Version: 0.1.105
     Platform: Debian 12
     CWE Classification: CWE-79:…

Read More

chromium-127.0.6533.99-1.fc40

Read Time:23 Second

FEDORA-2024-0462a59d45

Packages in this update:

chromium-127.0.6533.99-1.fc40

Update description:

Update to 127.0.6533.99

* Critical CVE-2024-7532: Out of bounds memory access in ANGLE
* High CVE-2024-7533: Use after free in Sharing
* High CVE-2024-7550: Type Confusion in V8
* High CVE-2024-7534: Heap buffer overflow in Layout
* High CVE-2024-7535: Inappropriate implementation in V8
* High CVE-2024-7536: Use after free in WebAudio

Read More

chromium-127.0.6533.99-1.el8

Read Time:23 Second

FEDORA-EPEL-2024-43f7d896ee

Packages in this update:

chromium-127.0.6533.99-1.el8

Update description:

Update to 127.0.6533.99

* Critical CVE-2024-7532: Out of bounds memory access in ANGLE
* High CVE-2024-7533: Use after free in Sharing
* High CVE-2024-7550: Type Confusion in V8
* High CVE-2024-7534: Heap buffer overflow in Layout
* High CVE-2024-7535: Inappropriate implementation in V8
* High CVE-2024-7536: Use after free in WebAudio

Read More

chromium-127.0.6533.99-1.el9

Read Time:23 Second

FEDORA-EPEL-2024-eb5d8834c8

Packages in this update:

chromium-127.0.6533.99-1.el9

Update description:

Update to 127.0.6533.99

* Critical CVE-2024-7532: Out of bounds memory access in ANGLE
* High CVE-2024-7533: Use after free in Sharing
* High CVE-2024-7550: Type Confusion in V8
* High CVE-2024-7534: Heap buffer overflow in Layout
* High CVE-2024-7535: Inappropriate implementation in V8
* High CVE-2024-7536: Use after free in WebAudio

Read More

chromium-127.0.6533.99-1.fc39

Read Time:23 Second

FEDORA-2024-b60f51180f

Packages in this update:

chromium-127.0.6533.99-1.fc39

Update description:

Update to 127.0.6533.99

* Critical CVE-2024-7532: Out of bounds memory access in ANGLE
* High CVE-2024-7533: Use after free in Sharing
* High CVE-2024-7550: Type Confusion in V8
* High CVE-2024-7534: Heap buffer overflow in Layout
* High CVE-2024-7535: Inappropriate implementation in V8
* High CVE-2024-7536: Use after free in WebAudio

Read More

Multiple Vulnerabilities in Google Android OS Could Allow for Privilege Escalation

Read Time:24 Second

Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for privilege escalation. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for privilege escalation. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.

Read More