24 matches found
EUVD-2024-2667
Malicious code in bioql PyPI...
CVE-2025-47930
Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the "Who can create public channels" access control mechanism can be circumvented by creating a private or web-public channel, and then changing the channel privacy to public. A similar technique...
CVE-2025-47930 Zulip Server has access control bypass for restrictions on creation of specific channel types
Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the "Who can create public channels" access control mechanism can be circumvented by creating a private or web-public channel, and then changing the channel privacy to public. A similar technique...
CVE-2025-47930
Zulip Server vulnerability CVE-2025-47930 affects versions 10.0–10.2, where the access control for creating certain channel types can be bypassed by creating a private or web-public channel and then changing its privacy to public (and a similar method to create private channels without permission...
CVE-2022-49909
The connected advisories describe CVE-2022-49909 as a Linux kernel Bluetooth L2CAP use-after-free (A2MP) in l2cap_conn_del(). When l2cap_recv_frame() processes data and creates an A2MP channel that is not held, the reference counting can reach 1, and during hci_error_reset(), l2cap_chan_unlock() ...
CVE-2022-49909
...
SUSE CVE-2024-58009
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc A NULL sock pointer is passed into l2cap_sock_alloc when it is called from l2cap_sock_new_connection_cb and the error handling paths should also be aware of it. Seemingly a...
drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new()
...
DEBIAN-CVE-2024-56752
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new When the call to gf100_grctx_generate fails, unlock gr->fecs.mutex before returning the error. Fixes smatch warning: drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c:480...
BIT-MATTERMOST-2024-39837
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled...
Improper Access Control
github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability is caused due to a failure to properly restrict channel creation. This allows a malicious remote user to create arbitrary channels, when shared channels were enabled...
GO-2024-3032 Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server...
GHSA-VVPG-55P7-5H8W Mattermost did not properly restrict channel creation
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled...
Mattermost did not properly restrict channel creation
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled...
CVE-2024-39837
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled...
CVE-2024-39837
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled...
CVE-2024-39837
Mattermost Server (Mattermost) is affected by CVE-2024-39837. The issue is in channel creation restriction when shared channels are enabled, allowing a remote attacker to create arbitrary channels. This affects Mattermost versions 9.9.x <= 9.9.0 and 9.5.x
PT-2024-28692 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.9.x through 9.9.0 Mattermost versions 9.5.x through 9.5.6 Description: The issue is related to the improper restriction of channel creation, allowing a malicious remote user to create arbitrary channels when shared...
PT-2022-35288 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: The issue is related to the Bluetooth L2CAP protocol in the Linux Kernel. It involves the initialization of delayed works at the l2cap_chan_create function. The actual impact and attack...
PT-2022-35829 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.296 Description: The issue is related to the Bluetooth L2CAP protocol in the Linux Kernel. It involves the initialization of delayed works at the l2cap_chan_create function. The actual impact and attack...