CVE-2024-39361

Mattermost versions 9.8.0, 9.7.x = 9.7.4, 9.6.x = 9.6.2 and 9.5.x = 9.5.5 fail to prevent users from specifying a RemoteId for their posts which allows an attacker to specify both a remoteId and the post ID, resulting in creating a post with a user-defined post ID. This can cause some broken...

CVE-2024-6428

Mattermost versions 9.8.0, 9.7.x = 9.7.4, 9.6.x = 9.6.2, 9.5.x = 9.5.5 fail to prevent specifying a RemoteId when creating a new user which allows an attacker to specify both a remoteId and the user ID, resulting in creating a user with a user-defined user ID. This can cause some broken...

PT-2024-35473 · Holy Stone · Holy Stone Remote Id Module Hsrid01 +1

Name of the Vulnerable Software and Affected Versions: Holy Stone Remote ID Module HSRID01, firmware distributed with the Drone Go2 mobile application before version 1.1.8 Description: The issue allows unauthenticated "remote power off" actions in broadcast mode via multiple read operations on th...

PT-2024-37620 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.5 Mattermost versions 9.6.x through 9.6.2 Mattermost versions 9.7.x through 9.7.4 Mattermost version 9.8.0 Description: The issue allows an attacker to specify both a remoteId and the user ID when creatin...