Lucene search
+L

127 matches found

Circl
Circl
added 2024/12/18 7:21 p.m.8 views

CVE-2024-12741

creationtimestamp| type| source ---|---|--- 2024-12-18 19:21:36+00:00| seen| https://infosec.exchange/users/cve/statuses/113675448862003579 2024-12-18 22:04:01+00:00| seen| https://t.me/cvedetector/13249 2025-03-03 05:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-25-105/...

8.4CVSS7.2AI score0.0423EPSS
Exploits0References4
Circl
Circl
added 2024/11/20 4:8 a.m.16 views

CVE-2024-51927

creationtimestamp| type| source ---|---|--- 2024-11-20 04:08:10+00:00| seen| https://infosec.exchange/users/cve/statuses/113513312411798848...

6.5CVSS6.9AI score0.00245EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 10:57 a.m.45 views

BIT-MATTERMOST-2023-49874

Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run allowing a guest to update the tasks of a private playbook run if they know the run ID...

4.3CVSS4.5AI score0.00374EPSS
Exploits0References2
OSV
OSV
added 2024/02/29 9:30 a.m.10 views

GHSA-6MX3-9QFH-77GJ Mattermost denial of service through long emoji value

Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the server...

5.3CVSS5.1AI score0.0068EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/02/29 9:30 a.m.15 views

Mattermost denial of service through long emoji value

Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the server...

6.5CVSS6.8AI score0.0068EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/29 8:6 a.m.13 views

CVE-2024-24988 Excessive resource consumption when sending long emoji names in user custom status

Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the server...

4.3CVSS6.7AI score0.0068EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/29 12:0 a.m.7 views

PT-2024-2031 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions prior to v8.1.9 Description: The issue is related to uncontrolled resource consumption. An attacker can exploit this by setting a custom user status with an emoji value as a very long string, causing high resource...

6.5CVSS7.1AI score0.0068EPSS
Exploits0References14
Prion
Prion
added 2023/12/12 9:15 a.m.29 views

Design/Logic Flaw

Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run allowing a guest to update the tasks of a private playbook run if they know the run ID...

4CVSS7.1AI score0.00374EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/21 12:0 a.m.4 views

PT-2023-5371 · D Link · D-Link Dir-816 A2

Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 A2 version 1.10CNB05 Description: The issue is related to a stack overflow in the dir setWanWifi function, which can be triggered via the statuscheckpppoeuser parameter. This can potentially allow a remote attacker to impact th...

9.8CVSS9.6AI score0.00884EPSS
Exploits1References9
OSV
OSV
added 2023/08/11 9:30 a.m.13 views

GHSA-P267-JJFQ-PPHF Mattermost fails to check if user is a guest before performing actions on public playbooks

Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting a guest being able to view, join, edit, export and archive public playbooks...

6.3CVSS6.3AI score0.00309EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/08/03 12:0 a.m.6 views

Cleaning Business Software Security Vulnerability

Cleaning Business Software is an open source cleaning business software by PHPJabbers. PHPJabbers Cleaning Business Software version 1.0 has a security vulnerability , the vulnerability stems from the password recovery function , through the message difference can determine whether the user is...

5.3CVSS6.9AI score0.00485EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.4 views

SUSE CVE-2021-41239

Nextcloud server is a self hosted system designed to provide cloud style services. In affected versions the User Status API did not consider the user enumeration settings by the administrator. This allowed a user to enumerate other users on the instance, even when user listings where disabled. It...

4.3CVSS5.3AI score0.01115EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:23 a.m.3 views

SUSE CVE-2022-39332

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for...

5.4CVSS5.5AI score0.00918EPSS
Exploits1References5
NVD
NVD
added 2022/11/25 8:15 p.m.20 views

CVE-2022-39332

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for...

5.4CVSS0.00918EPSS
Exploits1References4
OSV
OSV
added 2022/11/25 8:15 p.m.1 views

DEBIAN-CVE-2022-39332

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for...

5.4CVSS5.7AI score0.00918EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/11/25 12:0 a.m.7 views

PT-2022-24905 · Nextcloud +2 · Nextcloud Desktop Client +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop client versions prior to 3.6.1 Description: An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. Recommendations: For versions prior to 3.6.1, upgrad...

8.8CVSS6AI score0.04698EPSS
Exploits10References53
OSV
OSV
added 2022/06/14 10:15 a.m.5 views

CVE-2022-32254

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker...

7.5CVSS5.8AI score0.00787EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/06/14 10:15 a.m.3 views

CVE-2022-32254

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker...

7.5CVSS5.5AI score0.00787EPSS
Exploits0References3
OSV
OSV
added 2022/05/24 5:11 p.m.55 views

GHSA-774Q-WFCP-VC2Q Moodle Email media URL tokens were not checking for user status

A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline atachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token...

5.3CVSS5AI score0.01068EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 5:11 p.m.18 views

Moodle Email media URL tokens were not checking for user status

A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline atachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token...

5.3CVSS7AI score0.01068EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder