CVE-2024-31859 Member promoted to channel admin via playbooks run linking to channel

Mattermost versions 9.5.x = 9.5.3, 9.6.x = 9.6.1 and 8.1.x = 8.1.12 fail to perform proper authorization checks which allows a member running a playbook in an existing channel to be promoted to a channel admin...

CVE-2024-31859

Mattermost CVE-2024-31859 describes an authorization flaw where a member running a playbook in an existing channel can be promoted to channel admin. Affected releases include Mattermost 8.1.x through 8.1.12, 9.5.x through 9.5.3, and 9.6.x through 9.6.1, due to failure to perform proper authorizat...

CVE-2024-5270

Mattermost vulnerable in multiple tracked versions (8.1.x <= 8.1.12; 9.5.x <= 9.5.3; 9.6.x <= 9.6.1; 9.7.x email switch. Impact: improper access control for authentication method and related data. Mitigation: upgrade to versions later than the listed fixed versions (as documented in PT-2...

Mattermost fails to limit the number of active sessions

Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions table...

CVE-2024-22091

Mattermost versions 8.1.x = 8.1.10, 9.6.x = 9.6.0, 9.5.x = 9.5.2 and 8.1.x = 8.1.11 fail to limit the size of a request path that includes user inputs which allows an attacker to cause excessive resource consumption, possibly leading to a DoS via sending large request paths...

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2022 - Includes Oracle October 2022 CPU and IBM Java - OpenJ9 CVE-2022-3676

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 8 that are used by Rational Software Architect Designer and Rational Software Architect Designer for Websphere Software. These issues were disclosed as part of the IBM Java SDK updates in Oct 2022 and IBM Ja...

PostgreSQL 9.6.x < 9.6.22, 10.x < 10.17, 11.x < 11.12, 12.x < 12.7, 13.x < 13.3 Multiple Vulnerabilities - Linux

PostgreSQL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:postgresql:postgresql";...

Design/Logic Flaw

A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain...

PostgreSQL RCE Vulnerability (Feb 2018) - Windows

PostgreSQL is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

PostgreSQL 9.3.x < 9.3.22 / 9.4.x < 9.4.17 / 9.5.x < 9.5.12 / 9.6.x < 9.6.8 / 10.x < 10.3 Privilege Escalation Vulnerability

The version of PostgreSQL installed on the remote host is 9.3.x prior to 9.3.22, 9.4.x prior to 9.4.17, 9.5.x prior to 9.5.12, 9.6.x prior to 9.6.8, or 10.x prior to 10.3. It is, therefore, affected by a privilege escalation vulnerability. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

PostgreSQL Information Disclosure Vulnerability (Feb 2018) - Windows

PostgreSQL is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Arbitrary file deletion

In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pgupgrade creates file in current working directory containing the output of pgdumpall -g under umask which was in effect when the user invoked pgupgrade, and not under 0077 which...

PostgreSQL Security Bypass Vulnerability (Dec 2017) - Linux

PostgreSQL is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:postgresql:postgresql";...

PostgreSQL Privilege Escalation Vulnerability (Dec 2017) - Windows

PostgreSQL is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

PostgreSQL Security Bypass Vulnerability (Dec 2017) - Windows

PostgreSQL is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:postgresql:postgresql";...

PostgreSQL MITM Vulnerability (May 2017) - Linux

PostgreSQL is prone to a man-in-the-middle MITM vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2017-7484

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pgstatistic, possibly leaking information. An unprivileged...

CVE-2017-7484

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pgstatistic, possibly leaking information. An unprivileged...