GHSA-JR9X-3X7M-4J75 Mattermost allows a remote actor to make an arbitrary local channel read-only

Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5 and 9.8.x = 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to make an arbitrary local channel read-only...

Mattermost allows a user on a remote to set their remote username prop to an arbitrary string

Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5, 9.8.x = 9.8.1 fail to disallow users to set their own remote username, when shared channels were enabled, which allows a user on a remote to set their remote username prop to an arbitrary string, which would be then synced to the...

CVE-2024-36492

Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5, 9.8.x = 9.8.1 fail to disallow the modification of local users when syncing users in shared channels. which allows a malicious remote to overwrite an existing local user...

CVE-2024-41162 Malicious remote can make an arbitrary local channel read-only

Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5 and 9.8.x = 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to make an arbitrary local channel read-only...

CVE-2024-39839

Mattermost server vulnerability CVE-2024-39839 affects Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x

CVE-2024-39777 Malicious remote can invite itself to an arbitrary local channel

Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5 and 9.8.x = 9.8.1 fail to disallow unsolicited invites to expose access to local channels, when shared channels are enabled, which allows a malicious remote to send an invite with the ID of an existing local channel, and that local...

CVE-2024-5270

Mattermost vulnerable in multiple tracked versions (8.1.x <= 8.1.12; 9.5.x <= 9.5.3; 9.6.x <= 9.6.1; 9.7.x email switch. Impact: improper access control for authentication method and related data. Mitigation: upgrade to versions later than the listed fixed versions (as documented in PT-2...

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2022 - Includes Oracle October 2022 CPU and IBM Java - OpenJ9 CVE-2022-3676

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 8 that are used by Rational Software Architect Designer and Rational Software Architect Designer for Websphere Software. These issues were disclosed as part of the IBM Java SDK updates in Oct 2022 and IBM Ja...

K14386: BIND vulnerability CVE-2013-2266

Security Advisory Description libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service memory consumption via a crafted regular expression, as demonstrated by a...

Mageia: Security Advisory (MGASA-2013-0237)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2015-4620

name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit by constructing crafted zone data and then...

Updated bind package fixes security vulnerability

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service daemon crash via a query with a malformed RDATA section...

Mandriva Linux Security Advisory : bind (MDVSA-2013:202)

A vulnerability has been discovered and corrected in bind : The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of...

CVE-2013-2266

libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service memory consumption via a crafted regular expression, as demonstrated by a memory-exhaustion attack again...

Mandriva Update for bind MDVSA-2011:115 (bind)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Mandriva Update for bind MDVSA-2010:253 (bind)

Check for the Version of bind OpenVAS Vulnerability Test Mandriva Update for bind MDVSA-2010:253 bind Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

ISC BIND 9 9.4-ESV < 9.4-ESV-R4, 9.6.2 < 9.6.2-P3, 9.6-ESV < 9.6-ESV-R3, 9.7.x < 9.7.2-P3 Multiple Vulnerabilities

According to its self-reported version number, the remote installation of BIND is affected by multiple vulnerabilities : - Failure to clear existing RRSIG records when a NO DATA is negatively cached could cause subsequent lookups to crash named. CVE-2010-3613 - Named, when acting as a DNSSEC...