719 matches found
Mattermost Server 10.5.x < 10.5.11 / 10.11.x < 10.11.3 / 10.12.0 Multiple Vulnerabilities (MMSA-2025-00497, MMSA-2025-00496, MMSA-2025-00516)
The version of Mattermost Server installed on the remote host is affected by multiple vulnerabilities as referenced in the MMSA-2025-00497, MMSA-2025-00496, MMSA-2025-00516 advisories. - Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to properly validate guest user permissions when...
PT-2025-42888
Name of the Vulnerable Software and Affected Versions Mbed TLS versions through 3.6.4 Description Mbed TLS contains an Observable Timing Discrepancy. This issue may allow for timing attacks. Recommendations Update to a version of Mbed TLS newer than 3.6.4...
CVE-2025-54499
Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets...
EUVD-2025-34730
Mattermost has an Observable Timing Discrepancy vulnerability...
CVE-2025-54499
Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets...
CVE-2025-54499 Insecure string comparison enables timing attacks
Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets...
CVE-2025-54499 Insecure string comparison enables timing attacks
Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets...
CVE-2025-54499 Insecure string comparison enables timing attacks
Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets...
CVE-2025-54499
Mattermost CVE-2025-54499 affects Mattermost Server 10.5.x (≤10.5.10) and 10.11.x (≤10.11.2). The root cause is non-constant-time comparison for sensitive strings, enabling timing-based side-channel attacks that could reveal Cloud API keys and OAuth client secrets. Connected advisories also link ...
EUVD-2021-23243
Malware in sbrugna...
EUVD-2018-17177
Malware in sbrugna...
EUVD-2018-0707
Malware in sbrugna...
EUVD-2010-5038
Malware in sbrugna...
EUVD-2016-9898
Malware in sbrugna...
EUVD-2020-5073
Malware in sbrugna...
EUVD-2005-0110
Malware in sbrugna...
EUVD-2021-1963
Malware in sbrugna...
EUVD-2013-1653
Malware in sbrugna...
EUVD-2020-9430
Malware in sbrugna...
EUVD-2011-0922
Malware in sbrugna...