95 matches found
CVE-2026-45266
Nextcloud vulnerability CVE-2026-45266 affects the internal signaling path in Nextcloud’s collaboration platform. A low-privileged user can force other users’ microphones to be muted in calls when no High-performance Backend is installed. Root causes appear to be missing permission checks during ...
CVE-2026-45266 Nextcloud: Unauthorized force-mute from missing permission check when using internal signaling
Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other user's microphones to be muted in calls when no High-performance Backend is installed. This issue has been patched in versions 21.1.10, 22.0.11, and...
CVE-2026-45266 Nextcloud: Unauthorized force-mute from missing permission check when using internal signaling
Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other user's microphones to be muted in calls when no High-performance Backend is installed. This issue has been patched in versions 21.1.10, 22.0.11, and...
EUVD-2026-33678
Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other user's microphones to be muted in calls when no High-performance Backend is installed. This issue has been patched in versions 21.1.10, 22.0.11, and...
PT-2026-45476
Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other user's microphones to be muted in calls when no High-performance Backend is installed. This issue has been patched in versions 21.1.10, 22.0.11, and...
NextCloud Access Control Vulnerability
Nextcloud is an open-source, self-hosted communication platform for file synchronization and sharing developed by the German company Nextcloud. Vulnerabilities existed in versions of Nextcloud prior to 21.1.10, 22.0.11, and 23.0.3 due to access control flaws. These vulnerabilities stemmed from...
CVE-2026-46057 landlock: Fix LOG_SUBDOMAINS_OFF inheritance across fork()
In the Linux kernel, the following vulnerability has been resolved: landlock: Fix LOGSUBDOMAINSOFF inheritance across fork hookcredtransfer only copies the Landlock security blob when the source credential has a domain. This is inconsistent with landlockrestrictself which can set LOGSUBDOMAINSOFF...
Unauthorized force-mute from missing permission check when using internal signaling
None...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41getacpimutestate Return value of a function acpievaluatedsm is dereferenced without checking for NULL, but it is usually checked for this function. acpievaluatedsm may...
SUSE CVE-2026-21386
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexisten...
CVE-2026-21386
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexisten...
Security update for mumble (low)
openSUSE security update: security update for mumble ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20394-1 Rating: low References: bsc1259721 Cross-References: CVE-2025-71264 Affected Products: openSUSE Leap 16.0...
GO-2026-4744 Mattermost fails to use consistent error responses when handling the /mute command in github.com/mattermost/mattermost-server
Mattermost fails to use consistent error responses when handling the /mute command in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
EUVD-2026-12437
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexisten...
Mattermost fails to use consistent error responses when handling the /mute command
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexisten...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via inconsistent error handling in the /mute command. An attacker can infer the existence of private channels they are not authorized to access by analyzing the differences in error messages returned for nonexistent...
GHSA-5MR9-CRCG-8WH2 Mattermost fails to use consistent error responses when handling the /mute command
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexisten...
CVE-2026-21386
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexisten...
CVE-2026-21386
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexisten...
CVE-2026-21386
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexisten...