23 matches found

RedhatCVE
added 2025/05/23 6:18 a.m., 3 views

CVE-2024-10241

Mattermost versions 9.5.x <= 9.5.9 fail to properly filter the channel data when ElasticSearch is enabled which allows a user to get private channel names by using cmd+K/ctrl+K...

CVSS 4.3, AI score 6.6, EPSS 0.00363
Exploits 0, References 1
SUSE CVE
added 2025/02/14 5:35 a.m., 2 views

SUSE CVE-2024-10241

Mattermost versions 9.5.x <= 9.5.9 fail to properly filter the channel data when ElasticSearch is enabled which allows a user to get private channel names by using cmd+K/ctrl+K...

CVSS 4.3, AI score 7.8, EPSS 0.00363
Exploits 0, References 5
OpenVAS
added 2024/11/06 12:0 a.m., 51 views

openSUSE Security Advisory (SUSE-SU-2024:3911-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.9, AI score 7.6, EPSS 0.94047
Exploits 16, References 3
OSV
added 2024/10/29 8:15 a.m., 2 views

CVE-2024-10241

Mattermost versions 9.5.x <= 9.5.9 fail to properly filter the channel data when ElasticSearch is enabled which allows a user to get private channel names by using cmd+K/ctrl+K...

CVSS 4.3, AI score 7.7
Exploits 0, References 1
CVE
added 2024/10/29 8:8 a.m., 210 views

CVE-2024-10241

CVE-2024-10241 affects Mattermost 9.5.x up to 9.5.9 when ElasticSearch is enabled. The root cause is improper filtering of channel data, enabling a user to reveal private channel names by triggering the Ctrl/Cmd+K channel-switch UI. Impact is information disclosure of private channels; no other c...

CVSS 4.3, AI score 4.4, EPSS 0.00363
Exploits 0, References 1, Affected Software 1
IBM Security Bulletins
added 2022/06/23 4:36 p.m., 36 views

Security Bulletin: Java Vulnerability Affects IBM Sterling Connect:Direct Browser User Interface (CVE-2019-10241, CVE-2019-10246 & CVE-2019-10247)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by IBM Sterling Connect:Direct Browser User Interface. These issues were disclosed as part of the IBM Java SDK updates in May 2018 and Jetty Server update in May 2019. Vulnerability Detai...

CVSS 6.1, AI score 0.2, EPSS 0.10411
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2022/06/23 4:36 p.m., 56 views

Security Bulletin: Multiple Java Vulnerabilities Affect IBM Connect:Direct Web Services

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by IBM Connect:Direct Web Services. These issues were disclosed as part of the IBM Java SDK updates in May 2019 Vulnerability Details CVE-ID: CVE-2019-10246 Description: Eclipse...

CVSS 7.5, AI score 8.1, EPSS 0.10411
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2021/04/20 6:1 a.m., 30 views

Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect Apache Solr shipped with IBM Operations Analytics - Log Analysis

Summary There are vulnerabilities in various versions of Eclipse Jetty that affect Apache Solr. The vulnerabilities are in Vulnerability Details section. Vulnerability Details CVEID: CVE-2019-10246 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by...

CVSS 6.1, AI score 0.9, EPSS 0.10411
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2020/07/24 10:19 p.m., 36 views

Security Bulletin: Multiple Eclipse Jetty Vulnerabilities Affect IBM Sterling Secure External Authentication Server

Summary Three Eclipse Jetty vulnerabilities were addressed by IBM Sterling Secure External Authentication Server. Vulnerability Details CVE-ID: CVE-2019-10241 Description: Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServl...

CVSS 6.1, AI score 0.5, EPSS 0.10411
Exploits 0, Affected Software 1
RedHat Linux
added 2020/04/14 1:4 p.m., 66 views

Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.4.3 release and security update

Red Hat AMQ Broker 7.4.3 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 9.1, AI score 7, EPSS 0.50822
Exploits 5, References 17
RedHat Linux
added 2020/03/23 8:21 a.m., 89 views

Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.6 release and security update

Red Hat AMQ Broker 7.6 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

CVSS 9.1, AI score 7, EPSS 0.50822
Exploits 5, References 17
IBM Security Bulletins
added 2019/12/16 4:5 p.m., 50 views

Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect Rational Service Tester

Summary Eclipse Jetty contains vulnerabilities that may allow a remote attacker to obtain sensitive information, cause execution of scripts without their knowledge and experience denial of service attacks. Vulnerability Details CVEID: CVE-2019-10241 DESCRIPTION: Eclipse Jetty is vulnerable to...

CVSS 7.5, AI score 1, EPSS 0.10411
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2019/12/16 4:1 p.m., 58 views

Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect Rational Performance Tester

Summary Eclipse Jetty contains vulnerabilities that may allow a remote attacker to obtain sensitive information, cause execution of scripts without their knowledge and experience denial of service attacks. Vulnerability Details CVEID: CVE-2019-10241 DESCRIPTION: Eclipse Jetty is vulnerable to...

CVSS 6.1, AI score 0.7, EPSS 0.10411
Exploits 0, Affected Software 1
OpenVAS
added 2019/04/25 12:0 a.m., 6420 views

Eclipse Jetty XSS Vulnerability (CVE-2019-10241) - Windows

Eclipse Jetty is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty...

CVSS 6.1, AI score 6.6, EPSS 0.10411
Exploits 0, References 1
OpenVAS
added 2019/04/25 12:0 a.m., 70 views

Eclipse Jetty XSS Vulnerability (CVE-2019-10241) - Linux

Eclipse Jetty is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty...

CVSS 6.1, AI score 6.6, EPSS 0.10411
Exploits 0, References 1
CVE
added 2019/04/22 8:14 p.m., 218 views

CVE-2019-10241

CVE-2019-10241 affects Eclipse Jetty prior to specific release lines: 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older. The vulnerability is an XSS due to improper validation of user-supplied input by DefaultServlet and ResourceHandler when a remote client uses a specially crafted URL to ...

CVSS 6.1, AI score 6.1, EPSS 0.10411
Exploits 0, References 15, Affected Software 1
CVE
added 2018/05/16 2:0 p.m., 81 views

CVE-2018-10241

CVE-2018-10241 describes a denial-of-service in SolarWinds Serv-U prior to 15.1.6 HFv1. An authenticated user can crash the application via a specially crafted URL beginning with the /Web%20Client/ path. Root cause: a NULL pointer dereference. Affected product: SolarWinds Serv-U FTP server softwa...

CVSS 6.5, AI score 6.2, EPSS 0.01466
Exploits 1, References 1, Affected Software 1
OSV
added 2017/08/08 3:29 p.m., 0 views

CVE-2017-10241

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...

CVSS 7.3, AI score 7.3
Exploits 0, References 3
CVE
added 2017/08/08 3:0 p.m., 74 views

CVE-2017-10241

CVE-2017-10241 affects Oracle VM VirtualBox (Core) prior to 5.1.24. The vulnerability allows a high-privilege attacker with logon to compromise VirtualBox, potentially causing a hang or frequently repeatable crash (complete DOS), and unauthorized read/write/delete access to some VirtualBox data. ...

CVSS 7.3, AI score 7.2, EPSS 0.00061
Exploits 0, References 3, Affected Software 1
OpenVAS
added 2017/07/19 12:0 a.m., 37 views

Oracle VirtualBox Multiple Unspecified Vulnerabilities (Jul 2017) - Windows

Oracle VirtualBox is prone to multiple unspecified vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 8.8, AI score 7.4, EPSS 0.0231
Exploits 7, References 14