
66 matches found

EUVD
added 2025/10/07 12:30 a.m. | views: 1

EUVD-2009-2814

Malware in sbrugna...

CVSS 6.8 | AI score 6.2 | EPSS 0.02571
Exploits: 1 | References: 5

Github Security Blog
added 2025/09/19 9:31 p.m. | views: 4

Mattermost Path Traversal vulnerability

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.1, 10.9.x = 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...

CVSS 8 | AI score 8 | EPSS 0.00056
Exploits: 0 | References: 10 | Affected Software: 2

RedhatCVE
added 2025/08/23 7:28 a.m. | views: 2

CVE-2025-49810

Mattermost versions 10.5.x = 10.5.8 fail to validate access controls at time of access which allows user to read a thread via AI posts...

CVSS 4.3 | AI score 7 | EPSS 0.00045
Exploits: 0 | References: 1

Github Security Blog
added 2025/08/21 9:30 a.m. | views: 4

Mattermost Fails to Validate File Paths

Mattermost versions 10.9.x = 10.9.1, 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17 fail to properly validate file paths during plugin import operations which allows restricted admin users to install unauthorized custom plugins via path traversal in the import functionality, bypassing plugin...

CVSS 6.8 | AI score 7 | EPSS 0.00092
Exploits: 0 | References: 4 | Affected Software: 4

OSV
added 2025/08/21 9:30 a.m. | views: 2

GHSA-PWVR-GRQG-7VP2 Mattermost Lack of Access Control Validation

Mattermost versions 10.5.x = 10.5.8 fail to validate access controls at time of access which allows user to read a thread via AI posts...

CVSS 3.5 | AI score 6.9 | EPSS 0.00045
Exploits: 0 | References: 4

Github Security Blog
added 2025/08/21 9:30 a.m. | views: 6

Mattermost Does Not Sanitize the Team Invite ID

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.9.x = 10.9.2 fail to sanitize the team invite ID in the POST /api/v4/teams/:teamId/restore endpoint which allows a team admin with no member invite privileges to get the team’s invite id...

CVSS 4.3 | AI score 7 | EPSS 0.0006
Exploits: 0 | References: 4 | Affected Software: 4

CNNVD
added 2025/08/21 12:00 a.m. | views: 1

Mattermost Security Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from an uncleaned Team Invitation ID, which could lead to the acquisition of a Team Invitation ID. The following versions are affected: 10.8.3 an...

CVSS 4.3 | AI score 6.3 | EPSS 0.0006
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/22 5:16 a.m. | views: 2

CVE-2010-1801

Heap-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file...

CVSS 6.8 | AI score 8 | EPSS 0.01486
Exploits: 0 | References: 1

SUSE CVE
added 2023/02/15 6:00 a.m. | views: 2

SUSE CVE-2010-0541

Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page...

CVSS 4.3 | AI score 6.6 | EPSS 0.01405
Exploits: 0 | References: 3

OpenVAS
added 2017/04/18 12:00 a.m. | views: 25

Apple Mac OS X Multiple Vulnerabilities-03 (Apr 2017)

Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.2 | AI score 7.4 | EPSS 0.02117
Exploits: 0 | References: 3

seebug.org
added 2014/07/01 12:00 a.m. | views: 23

MacOS X EvoCam HTTP GET Buffer Overflow

No description provided by source. $Id: evocamwebserver.rb 10617 2010-10-09 06:55:52Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...

AI score 7.1
Exploits: 0

NVD
added 2010/11/16 10:00 p.m. | views: 15

CVE-2010-1846

Heap-based buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RAW image...

CVSS 6.8 | AI score 7.9 | EPSS 0.01392
Exploits: 0 | References: 3

Cvelist
added 2010/11/16 9:00 p.m. | views: 20

CVE-2010-3796

Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an applet that performs DOM modifications...

AI score 8.3 | EPSS 0.00209
Exploits: 0 | References: 2

CVE
added 2010/11/16 9:00 p.m. | views: 62

CVE-2010-3797

CVE-2010-3797: XSS in Wiki Server for Mac OS X Server (10.5.8 and 10.6.x prior to 10.6.5). A remote authenticated user can inject arbitrary script/HTML via wiki page editing. The issue is mitigated by applying the Mac OS X 10.6.5 Security Update (Security Update 2010-007) which includes input val...

CVSS 3.5 | AI score 6.6 | EPSS 0.00209
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2010/11/15 11:00 p.m. | views: 12

Stack overflow

Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors...

CVSS 7.5 | AI score 8.6 | EPSS 0.0436
Exploits: 3 | References: 3 | Affected Software: 2

Cvelist
added 2010/11/15 10:00 p.m. | views: 20

CVE-2010-1831

Buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a long name of an embedded font in a document...

AI score 9.4 | EPSS 0.01768
Exploits: 0 | References: 3

Cvelist
added 2010/11/15 10:00 p.m. | views: 22

CVE-2010-1840

Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors...

AI score 9.6 | EPSS 0.0436
Exploits: 3 | References: 3

ThreatPost
added 2010/10/21 2:21 p.m. | views: 11

Apple Ships Java Patches, Says It May Drop Java From Future OS X Releases

Apple has shipped security fixes for a number of bugs in its Java implementation, and the company also said that it has deprecated its Java implementation in OS X and may remove it from future releases of the operating system. Apple’s patch release on Wednesday included several fixes for...

AI score 0.4
Exploits: 0 | References: 3

NVD
added 2010/06/17 4:30 p.m. | views: 17

CVE-2010-1375

NetAuthSysAgent in Network Authorization in Apple Mac OS X 10.5.8 does not have the expected authorization requirements, which allows local users to gain privileges via unspecified vectors...

CVSS 7.2 | AI score 6 | EPSS 0.00052
Exploits: 0 | References: 6

Prion
added 2010/06/17 4:30 p.m. | views: 13

Authorization

NetAuthSysAgent in Network Authorization in Apple Mac OS X 10.5.8 does not have the expected authorization requirements, which allows local users to gain privileges via unspecified vectors...

CVSS 7.2 | AI score 6.4 | EPSS 0.00052
Exploits: 0 | References: 6 | Affected Software: 2