6 matches found
CVE-2024-39807
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a webhook event which allows an attacker monitoring webhook events to retrieve the channel IDs of archived or restored channels...
Missing Authorization
Overview: github.com/mattermost/mattermost/server/v8/channels/api4 is a platform for secure collaboration across the entire software development lifecycle. Affected versions of this package are vulnerable to Missing Authorization via the /api/v4/teams/teamid/channels/ids endpoint. An attacker can...
Linux Distros Unpatched Vulnerability : CVE-2021-47286
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions. MHI reads the channe...
ExpressionEngine: SQL injection in structure plugin
An SQL injection flaw was discovered in ExpressionEngine's Structure plugin. User input from the channelids parameter was passed directly into SQL queries without proper sanitization. The vulnerability required admin panel access...
PT-2024-11290 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The issue concerns the Linux kernel, where the MHI (Mobile Host Interface) core does not properly validate channel IDs when processing command completions. This could lead to out-of-boun...
PT-2022-26106 · Unknown · Contiki-Ng
Name of the Vulnerable Software and Affected Versions: Contiki-NG versions prior to 4.9. Description: The issue concerns an out-of-bounds read in Contiki-NG, an open-source operating system for IoT devices. It occurs while processing the L2CAP protocol in the Bluetooth Low Energy stack, where an...