EUVD-2024-0657
Malicious code in bioql PyPI...
CVE-2024-46622
An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before 8.1.18 that allows arbitrary file creation, modification and deletion...
BIT-MATTERMOST-2024-1942
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of...
BIT-MATTERMOST-2024-1952
Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugin updates an ephemeral post, allowing an authenticated attacker who can control the ephemeral post update to access individual posts' contents in channels they are not a member of...
PHP 8.1.x < 8.1.31 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.31, 8.2.x prior to 8.2.26, or 8.3.x prior to 8.3.14. It is, therefore, affected by multiple vulnerabilities: - OOB access in ldap_escape. CVE-2024-8932 - Leak partial content of the...
Oracle MySQL Server 8.x <= 8.0.36, 8.1.x <= 8.4.0 Security Update (cpujul2024) - Linux
Oracle MySQL Server is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2024-31859
Mattermost CVE-2024-31859 describes an authorization flaw where a member running a playbook in an existing channel can be promoted to channel admin. Affected releases include Mattermost 8.1.x through 8.1.12, 9.5.x through 9.5.3, and 9.6.x through 9.6.1, due to failure to perform proper authorizat...
CVE-2024-31859 Member promoted to channel admin via playbooks run linking to channel
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper authorization checks, which allows a member running a playbook in an existing channel to be promoted to a channel admin...
CVE-2024-5270
Mattermost vulnerable in multiple tracked versions (8.1.x <= 8.1.12; 9.5.x <= 9.5.3; 9.6.x <= 9.6.1; 9.7.x email switch. Impact: improper access control for authentication method and related data. Mitigation: upgrade to versions later than the listed fixed versions (as documented in PT-2...
Mattermost fails to limit the number of active sessions
Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions table...
CVE-2024-22091
Mattermost versions 8.1.x <= 8.1.10, 9.6.x <= 9.6.0, 9.5.x <= 9.5.2 and 8.1.x <= 8.1.11 fail to limit the size of a request path that includes user inputs, which allows an attacker to cause excessive resource consumption, possibly leading to a DoS via sending large request paths...
CVE-2024-4195
Mattermost CVE-2024-4195 affects Mattermost Server 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12. The root cause is incomplete validation of role changes in team administration logic, allowing an attacker authenticated as a team admin to promot...
CVE-2024-4195
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...
Mattermost security vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from an issue where a team administrator can demote a user to guest via an HTTP request. The vulnerability affects the following...
Oracle MySQL Server 8.x <= 8.0.36, 8.1.x <= 8.3.0 Security Update (cpuapr2024) - Linux
Oracle MySQL Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:mysql"; if...
CVE-2024-28949 DoS via a large number of User Preferences
Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number of user preferences potentially causing denial of service...
Mattermost Server security vulnerability
Mattermost Server is an open source messaging platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost Server versions 8.1.x prior to 8.1.11 that stems from incorrect access control...
PT-2024-19090 · Mattermost · Mattermost Server
Name of the Vulnerable Software and Affected Versions: Mattermost Server versions 8.1.x before 8.1.11 Description: The issue is related to improper access control, allowing an attacker to continue participating in a call even after being removed from the channel. This occurs when the attacker is ...
BIT-PHP-2021-21708 UAF due to php_filter_float() failing
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with the FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result in crashes, and potentially in...
BIT-PHP-2022-31627 Heap buffer overflow in finfo_buffer
In PHP versions 8.1.x below 8.1.8, when fileinfo functions such as finfo_buffer are used, an incorrect function may be used to free allocated memory, due to an incorrect patch applied to the third-party code from libmagic, which may lead to heap corruption...