EUVD-2021-18480

Malware in sbrugna...

EUVD-2024-34599

Malicious code in bioql PyPI...

CVE-2025-4573

Mattermost versions 10.7.x = 10.7.1, 10.6.x = 10.6.3, 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter injection via the PUT...

CVE-2025-4573

Mattermost versions 10.7.x = 10.7.1, 10.6.x = 10.6.3, 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter injection via the PUT...

CVE-2025-4573

Mattermost versions 10.7.x = 10.7.1, 10.6.x = 10.6.3, 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter injection via the PUT...

CVE-2024-23493

Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of...

BIT-MATTERMOST-2024-23493

Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of...

Exposure Of Sensitive Information To An Unauthorized Actor

Mattermost is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. The vulnerability is due to a lack of proper authorization checks in the /api/v4/groups//channels//link endpoint, allowing users to learn members of an AD/LDAP group linked to a team by adding the group to a...

CVE-2024-34029

Mattermost versions 9.5.x /channels//link endpoint which allows a user to learn the members of an AD/LDAP group that is linked to a team by adding the group to a channel, even if the user has no access to the team...

Mattermost 安全漏洞

Mattermost Server is the United States Mattermost company's set of open source messaging platform. A security bypass vulnerability exists in Mattermost Server, which can be exploited by an attacker to bypass access restrictions and learn about the members of an AD/LDAP group linked to a team by...

SUSE: Security Advisory (SUSE-SU-2018:3815-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : salt (openSUSE-2019-1019)

This update for salt fixes the following issues : Security issues fixed : - CVE-2018-15750: Fixed directory traversal vulnerability in salt-api bsc1113698. - CVE-2018-15751: Fixed remote authentication bypass in salt-apinetapi that allows to execute arbitrary commands bsc1113699. Non-security...

SUSE SLED15 / SLES15 Security Update : salt (SUSE-SU-2018:3815-1)

This update for salt fixes the following issues : Security issues fixed : CVE-2018-15750: Fixed directory traversal vulnerability in salt-api bsc1113698. CVE-2018-15751: Fixed remote authentication bypass in salt-apinetapi that allows to execute arbitrary commands bsc1113699. Non-security issues...

openSUSE Security Update : salt (openSUSE-2018-1569)

This update for salt fixes the following issues : Security issues fixed : - CVE-2018-15750: Fixed directory traversal vulnerability in salt-api bsc1113698. - CVE-2018-15751: Fixed remote authentication bypass in salt-apinetapi that allows to execute arbitrary commands bsc1113699. Non-security...

openSUSE: Security Advisory for salt (openSUSE-SU-2018:4174-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for salt (important)

This update for salt fixes the following issues: Security issues fixed: - CVE-2018-15750: Fixed directory traversal vulnerability in salt-api bsc1113698. - CVE-2018-15751: Fixed remote authentication bypass in salt-apinetapi that allows to execute arbitrary commands bsc1113699. Non-security issue...

SUSE-SU-2018:3862-1 Security update for salt

This update for salt fixes the following issues: Security issues fixed: - CVE-2018-15750: Fixed directory traversal vulnerability in salt-api bsc1113698. - CVE-2018-15751: Fixed remote authentication bypass in salt-apinetapi that allows to execute arbitrary commands bsc1113699. Non-security issue...

SUSE-SU-2018:3815-1 Security update for salt

This update for salt fixes the following issues: Security issues fixed: - CVE-2018-15750: Fixed directory traversal vulnerability in salt-api bsc1113698. - CVE-2018-15751: Fixed remote authentication bypass in salt-apinetapi that allows to execute arbitrary commands bsc1113699. Non-security issue...

CVE-2017-1539

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain privileged access. IBM X-Force ID: 130807...

Deleting a user does not remove the user from its LDAP group

Jira team: I believe this to be a JIRA bug because this scenario does not reproduce in Confluence when it is linked to Crowd. - Add an LDAP directory to Crowd. Make sure to have the "jira-users", "jira-administrators" and "jira-developers" groups exist in LDAP. - Add Crowd Server as a directory t...