Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.

https://security-tracker.debian.org/tracker/DSA-5741-1

Read More

Multiple cross-site scripting vulnerabilities were discovered in
RoundCube webmail.

https://security-tracker.debian.org/tracker/DSA-5743-1

Read More

A vulnerability was discovered in odoo, a suite of web based open
source business apps. It could result in the execution of arbitrary
code.

https://security-tracker.debian.org/tracker/DSA-5742-1

Read More

Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.

https://security-tracker.debian.org/tracker/DSA-5744-1

Read More

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07

KL-001-2024-010: Journyx Unauthenticated XML External Entities Injection

Title: Journyx Unauthenticated XML External Entities Injection
Advisory ID: KL-001-2024-010
Publication Date: 2024.08.07
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-010.txt

1. Vulnerability Details

     Affected Vendor: Journyx
     Affected Product: Journyx (jtime)
     Affected Version: 11.5.4
     Platform: GNU/Linux…

Read More

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07

KL-001-2024-009: Journyx Reflected Cross Site Scripting

Title: Journyx Reflected Cross Site Scripting
Advisory ID: KL-001-2024-009
Publication Date: 2024.08.07
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt

1. Vulnerability Details

     Affected Vendor: Journyx
     Affected Product: Journyx (jtime)
     Affected Version: 11.5.4
     Platform: GNU/Linux
     CWE Classification: CWE-81:…

Read More

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07

KL-001-2024-008: Journyx Authenticated Remote Code Execution

Title: Journyx Authenticated Remote Code Execution
Advisory ID: KL-001-2024-008
Publication Date: 2024.08.07
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-008.txt

1. Vulnerability Details

     Affected Vendor: Journyx
     Affected Product: Journyx (jtime)
     Affected Version: 11.5.4
     Platform: GNU/Linux
     CWE…

Read More

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07

KL-001-2024-007: Journyx Unauthenticated Password Reset Bruteforce

Title: Journyx Unauthenticated Password Reset Bruteforce
Advisory ID: KL-001-2024-007
Publication Date: 2024.08.07
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt

1. Vulnerability Details

     Affected Vendor: Journyx
     Affected Product: Journyx (jtime)
     Affected Version: 11.5.4
     Platform: GNU/Linux
     CWE…

Read More

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07

KL-001-2024-006: Open WebUI Arbitrary File Upload + Path Traversal

Title: Open WebUI Arbitrary File Upload + Path Traversal
Advisory ID: KL-001-2024-006
Publication Date: 2024.08.D06
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt

1. Vulnerability Details

     Affected Vendor: Open WebUI
     Affected Product: Open WebUI
     Affected Version: 0.1.105
     Platform: Debian 12
     CWE…

Read More

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 07

KL-001-2024-005: Open WebUI Stored Cross-Site Scripting

Title: Open WebUI Stored Cross-Site Scripting
Advisory ID: KL-001-2024-005
Publication Date: 2024.08.06
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-005.txt

1. Vulnerability Details

     Affected Vendor: Open WebUI
     Affected Product: Open WebUI
     Affected Version: 0.1.105
     Platform: Debian 12
     CWE Classification: CWE-79:…

Read More