33 matches found
CVE-2026-8596
Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...
CVE-2026-34148
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to 1.9.6, 1.10.5, 2.0.8, and 2.1.1, @fedify/fedify follows HTTP redirects recursively in its remote document loader and authenticated document loader without enforcing a maximum redirect count or...
Leantime allows Cross-Site Request Forgery (CSRF)
CSRF Summary A cross-site request forgery vulnerability allows a remote actor to create an account with Owner privileges. By luring an Owner or Administrator into clicking a button on an attacker-controlled website, a request will be issued, generating an account with the attacker's information a...
GO-2024-3031 Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server...
GO-2024-3020 Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server...
GO-2024-3022 Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server...
GO-2024-3023 Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server...
Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5, 9.8.x = 9.8.1 fail to properly safeguard an error handling which allows a malicious remote to permanently delete local data by abusing dangerous error handling, when share channels were enabled...
Mattermost allows a remote actor to make an arbitrary local channel read-only
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5 and 9.8.x = 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to make an arbitrary local channel read-only...
GHSA-762M-4CX6-6MF4 Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5, 9.8.x = 9.8.1 fail to properly safeguard an error handling which allows a malicious remote to permanently delete local data by abusing dangerous error handling, when share channels were enabled...
GHSA-JR9X-3X7M-4J75 Mattermost allows a remote actor to make an arbitrary local channel read-only
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5 and 9.8.x = 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to make an arbitrary local channel read-only...
GHSA-9FPW-C9X7-CV3J Mattermost allows remote actor to set arbitrary RemoteId values for synced users
Mattermost versions 9.9.x = 9.9.0 and 9.5.x = 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote...
GHSA-VG67-CHM7-8M3J Mattermost allows remote actor to create/update/delete posts in arbitrary channels
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5, 9.8.x = 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels...
PT-2024-29301 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.6 Mattermost versions 9.7.x through 9.7.5 Mattermost versions 9.8.x through 9.8.1 Mattermost versions 9.9.x through 9.9.0 Description: The issue allows a malicious remote actor to make an arbitrary local...
CVE-2023-38283
In OpenBGPD before 8.1, incorrect handling of BGP update data length of path attributes set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006...
DEBIAN-CVE-2023-38283
In OpenBGPD before 8.1, incorrect handling of BGP update data length of path attributes set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006...
CVE-2023-38283
In OpenBGPD before 8.1, incorrect handling of BGP update data length of path attributes set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006...
UBUNTU-CVE-2023-38283
In OpenBGPD before 8.1, incorrect handling of BGP update data length of path attributes set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006...
CVE-2023-38283
In OpenBGPD before 8.1, incorrect handling of BGP update data length of path attributes set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006...
CVE-2023-38283
In OpenBGPD before 8.1, incorrect handling of BGP update data length of path attributes set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006...