127 matches found
CVE-2024-12741
creationtimestamp| type| source ---|---|--- 2024-12-18 19:21:36+00:00| seen| https://infosec.exchange/users/cve/statuses/113675448862003579 2024-12-18 22:04:01+00:00| seen| https://t.me/cvedetector/13249 2025-03-03 05:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-25-105/...
CVE-2024-51927
creationtimestamp| type| source ---|---|--- 2024-11-20 04:08:10+00:00| seen| https://infosec.exchange/users/cve/statuses/113513312411798848...
BIT-MATTERMOST-2023-49874
Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run allowing a guest to update the tasks of a private playbook run if they know the run ID...
GHSA-6MX3-9QFH-77GJ Mattermost denial of service through long emoji value
Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the server...
Mattermost denial of service through long emoji value
Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the server...
CVE-2024-24988 Excessive resource consumption when sending long emoji names in user custom status
Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the server...
PT-2024-2031 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions prior to v8.1.9 Description: The issue is related to uncontrolled resource consumption. An attacker can exploit this by setting a custom user status with an emoji value as a very long string, causing high resource...
Design/Logic Flaw
Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run allowing a guest to update the tasks of a private playbook run if they know the run ID...
PT-2023-5371 · D Link · D-Link Dir-816 A2
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 A2 version 1.10CNB05 Description: The issue is related to a stack overflow in the dir setWanWifi function, which can be triggered via the statuscheckpppoeuser parameter. This can potentially allow a remote attacker to impact th...
GHSA-P267-JJFQ-PPHF Mattermost fails to check if user is a guest before performing actions on public playbooks
Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting a guest being able to view, join, edit, export and archive public playbooks...
Cleaning Business Software Security Vulnerability
Cleaning Business Software is an open source cleaning business software by PHPJabbers. PHPJabbers Cleaning Business Software version 1.0 has a security vulnerability , the vulnerability stems from the password recovery function , through the message difference can determine whether the user is...
SUSE CVE-2021-41239
Nextcloud server is a self hosted system designed to provide cloud style services. In affected versions the User Status API did not consider the user enumeration settings by the administrator. This allowed a user to enumerate other users on the instance, even when user listings where disabled. It...
SUSE CVE-2022-39332
Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for...
CVE-2022-39332
Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for...
DEBIAN-CVE-2022-39332
Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for...
PT-2022-24905 · Nextcloud +2 · Nextcloud Desktop Client +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop client versions prior to 3.6.1 Description: An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. Recommendations: For versions prior to 3.6.1, upgrad...
CVE-2022-32254
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker...
CVE-2022-32254
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker...
GHSA-774Q-WFCP-VC2Q Moodle Email media URL tokens were not checking for user status
A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline atachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token...
Moodle Email media URL tokens were not checking for user status
A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline atachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token...