21 matches found
Dell PowerScale OneFS 9.5.x < 9.10.1.7 / 9.11.x < 9.13.0.1 Information Disclosure (DSA-2026-125)
The version of Dell PowerScale OneFS running on the remote host is 9.5.x prior to 9.10.1.7 or 9.11.x prior to 9.13.0.1. It is, therefore, affected by a vulnerability:
- A generation of error message containing sensitive information vulnerability allows a high privileged attacker with local access...
EUVD-2020-6398
Malware in sbrugna...
CVE-2025-36601
Dell PowerScale OneFS, versions 9.5.0.0 through 9.11.0.0, contains an exposure of sensitive information to an unauthorized actor vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to Information disclosure...
Dell PowerScale OneFS Resource Management Error Vulnerability
Dell PowerScale OneFS is a proprietary operating system developed by Dell for its PowerScale horizontally scalable network-attached storage (NAS) solution. Dell PowerScale OneFS has a resource management error vulnerability that stems from the inclusion of an uncontrolled resource consumption...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 9.10.2 and prior 9.10.x, 9.11.1 and prior 9.11.x, and 9.5.9 and prior 9.5.x. The vulnerability stems from an inability to check that the origin of...
PT-2024-31806 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.8. Description: The issue arises from Mattermost's failure to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, potentially allowing an attacker to cause a server-side reques...
PT-2024-39459 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.8; Mattermost versions 9.9.x through 9.9.2; Mattermost versions 9.10.x through 9.10.1. Description: The issue allows an attacker to view unlinked channel files in channels they are a member of, due to a...
CVE-2024-40884
Mattermost Server 9.5.x (up to 9.5.7) and 9.10.x (up to 9.10.0) are affected by an improper access control issue that allows a team admin user without the Add Team Members permission to disable the invite URL. The issue is caused by insufficient enforcement of permissions (no explicit access cont...
CVE-2024-43813
CVE-2024-43813 affects Mattermost Server: versions 9.5.x up to 9.5.7 and 9.10.x up to 9.10.0 do not enforce proper access controls, allowing any authenticated user (including guests) to mark any channel inside any team as read for any user. Root cause: improper access control in read-marking func...
PT-2024-27027 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.6; Mattermost versions 9.7.x through 9.7.5; Mattermost versions 9.8.x through 9.8.1; Mattermost versions 9.9.x through 9.9.0. Description: The issue allows a malicious remote user to overwrite an existing loc...
CVE-2024-39807
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a webhook event which allows an attacker monitoring webhook events to retrieve the channel IDs of archived or restored channels...
PT-2024-25722 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 8.1.x through 8.1.12; Mattermost versions 9.5.x through 9.5.3; Mattermost versions 9.6.x through 9.6.1. Description: The issue is related to improper access control, allowing a guest to obtain metadata of a public playbook ru...
HCL BigFix Platform Cross-Site Scripting Vulnerability
HCL Technologies HCL BigFix Platform is a suite of endpoint security management platforms from HCL Technologies, USA. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in HCL BigFix Platform, which stems from a store...
HCL Technologies HCL BigFix Platform Cross-Site Scripting Vulnerability
HCL Technologies HCL BigFix Platform is a suite of endpoint security management platforms from HCL Technologies, India. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in HCL Technologies HCL BigFix Platform version...
HCL Digital Experience Cross-Site Scripting Vulnerability
HCL Digital Experience is a suite of digital experience platforms and content delivery solutions from HCL India. A cross-site scripting vulnerability exists in HCL Digital Experience versions 8.5, 9.0, and 9.5, which stems from the lack of proper validation of client-side data in the web application...
CVE-2020-14223
HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack...
PT-2020-13404 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 9.5 through 13.0.1. Description: An authorization issue was identified that could allow unauthorized users to impersonate a project maintainer, enabling them to perform limited actions. Recommendations: For GitLab EE version...
IBM BigFix Platform Information Disclosure Vulnerability (CNVD-2018-25405)
IBM BigFix Platform is IBM's dynamic, content-driven messaging and management system, a multi-technology platform. An information disclosure vulnerability exists in IBM BigFix Platform versions 9.5 through 9.5.9 and 9.2 through 9.2.14, which can be exploited by an attacker to gain...
PT-2018-5783 · Ibm · Ibm Doors Web Access
Name of the Vulnerable Software and Affected Versions: IBM Doors Web Access versions 9.5 through 9.6. Description: The issue allows an authenticated user to obtain sensitive information from HTTP internal server error responses. Recommendations: For IBM Doors Web Access versions 9.5 through 9.6,...
IBM BigFix Platform Information Disclosure Vulnerability (CNVD-2017-32856)
IBM BigFix Platform (formerly IBM Tivoli Endpoint Manager) is a system management software product. An information disclosure vulnerability exists in IBM BigFix Platform 9.2 and 9.5. The vulnerability arises because the software communicates sensitive or safety-critical data in plaintext over a channel tha...