21 matches found
EUVD-2005-2747
Malware in sbrugna...
EUVD-2023-34248
Malicious code in bioql PyPI...
Information Disclosure
github.com/mattermost/mattermost-server is vulnerable to Information Disclosure. The vulnerability is due to Mattermost failing to sanitize the RemoteClusterFrame payloads before audit logging them. Attackers with access to the audit logs can exploit this to read message contents...
Mattermost Information Disclosure Vulnerability (CNVD-2024-30628)
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a message disclosure vulnerability. An attacker can exploit the vulnerability to cause the contents of a message to be read...
CVE-2024-39353
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads before audit logging them which allows a high privileged attacker with access to the audit logs to read message contents...
CVE-2024-39353 RemoteClusterFrame payloads are audit logged in full
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads before audit logging them which allows a high privileged attacker with access to the audit logs to read message contents...
CVE-2024-39353
Mattermost Server vulnerability CVE-2024-39353 affects versions 9.5.x (
Cross site scripting
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored cross-site scripting (XSS). Since the Export Chat feature...
CVE-2023-37259 Cross site scripting in Export Chat feature
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored cross-site scripting (XSS). Since the Export Chat feature...
Command injection
Mattermost fails to sanitize ephemeral error messages, allowing an attacker to obtain arbitrary message contents by a specially crafted /groupmsg command...
CVE-2023-2792 Ephemeral messages return private channel contents in permalink previews
Mattermost fails to sanitize ephemeral error messages, allowing an attacker to obtain arbitrary message contents by a specially crafted /groupmsg command...
PT-2023-17237 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue allows an attacker to request a preview of an existing message when creating a new message via the "createPost API call", disclosing the contents of the linked message...
Input validation
A vulnerability in Cisco Jabber for Windows software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages that...
Cisco Jabber for Windows Information Disclosure (cisco-sa-jabber-ttcgB9R3)
According to its self-reported version, Cisco Jabber is affected by an information disclosure vulnerability. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages to a targeted system. A successful...
Cisco Jabber for Windows Universal Naming Convention Link Handling Vulnerability
A vulnerability in Cisco Jabber for Windows software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages that...
CVE-2010-4659
StatusNet (open-source PHP-based micro-blogging platform) contains a cross-site scripting (XSS) vulnerability in error message contents up through 2010. The root cause is insufficient validation of client-side data by the web application, enabling an attacker to execute client-side code via craft...
Ubuntu 14.04 LTS : OpenStack Nova vulnerabilities (USN-2407-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2407-1 advisory. Garth Mollett discovered that OpenStack Nova did not properly clean up an instance when using rescue mode with the VMWare driver. A remote authenticated...
Fedora Update for syslog-ng FEDORA-2008-0559
Check for the Version of syslog-ng. OpenVAS Vulnerability Test: Fedora Update for syslog-ng FEDORA-2008-0559. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under th...
Fedora Update for syslog-ng FEDORA-2008-10920
Check for the Version of syslog-ng. OpenVAS Vulnerability Test: Fedora Update for syslog-ng FEDORA-2008-10920. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under t...