5358 matches found
Design/Logic Flaw
An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy...
CVE-2016-11065
Mattermost Server before 3.3.0 is affected. The vulnerability stems from the WebSocket feature allowing an attacker to send pop-up messages to users or alter a post’s appearance. The descriptions across connected documents confirm the affected software and the underlying impact, but do not specif...
CVE-2016-11065
An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance...
CVE-2017-18920
Mattermost Server ≤ 3.6.1 suffers a Same Origin Policy weakness in the WebSocket feature. The vulnerability context is limited to Mattermost Server prior to version 3.6.2; no exploitation details are provided in the sources. Mitigation guidance (from publicly available references) is to upgrade t...
CVE-2018-21260
An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. WebSocket events were accidentally sent during certain user-management operations, violating user privacy...
Code injection
An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. WebSocket events were accidentally sent during certain user-management operations, violating user privacy...
CVE-2018-21260
CVE-2018-21260 affects Mattermost Server versions before 4.8.1, 4.7.4, and 4.6.3. The issue arises from WebSocket events being accidentally sent during certain user-management operations, leading to potential user-privacy disclosure. The available documents confirm the vulnerable component (Matte...
CVE-2019-20847
An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a usertyping WebSocket event to any channel...
Design/Logic Flaw
An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the updateteam WebSocket event, aka MMSA-2020-0012...
Code injection
An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a usertyping WebSocket event to any channel...
CVE-2019-20847
Mattermost Server prior to version 5.18.0 is affected. A vulnerability allows an attacker to send a user_typing WebSocket event to any channel, indicating improper handling of WebSocket events. The issue is documented across multiple feeds (e.g., Red Hat advisory, CNVD) and is mitigated by updati...
CVE-2020-14457
An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the updateteam WebSocket event, aka MMSA-2020-0012...
CVE-2020-14457
Technical details about CVE-2020-14457 are not provided in the connected documents; only the basic description and references are available. Monitor for updates.
PT-2020-14017 · Mattermost · Mattermost Server
Name of the Vulnerable Software and Affected Versions: Mattermost Server versions prior to 5.20.0 Description: An issue was discovered in Mattermost Server where non-members can receive broadcasted team details via the update team WebSocket event. Recommendations: For versions prior to 5.20.0,...
LibVNCServer Buffer Overflow Vulnerability (CNVD-2020-36781)
LibVNCServer is a cross-platform C library for implementing VNC (Virtual Network Computing) server or client functionality in programs. A security vulnerability exists in the 'hybiReadAndDecode' function in the libvncserver/wsdecode.c file in versions of LibVNCServer prior to...
UBUNTU-CVE-2019-20840
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/wsdecode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode...