VYPR

CVEs

101,975 total · page 1467 of 2,040

  • CVE-2017-18884HigJun 19, 2020
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens.

  • CVE-2018-21264HigJun 19, 2020
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. It did not enforce the expiration date of a SAML response.

  • CVE-2020-8184HigJun 19, 2020
    risk 0.42cvss 7.5epss 0.03

    A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.

  • CVE-2020-8164HigJun 19, 2020
    risk 0.49cvss 7.5epss 0.04

    A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.

  • CVE-2020-8162HigJun 19, 2020
    risk 0.49cvss 7.5epss 0.03

    A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.

  • CVE-2019-20888HigJun 19, 2020
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It allows attackers to cause a denial of service (memory consumption) via an outgoing webhook or a slash command integration.

  • CVE-2019-20886HigJun 19, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 5.8.0. The first user is sometimes inadvertently a system admin.

  • CVE-2019-20885HigJun 19, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 5.8.0. It does not always generate a robots.txt file.

  • CVE-2019-20881HigJun 19, 2020
    risk 0.48cvss 7.3epss 0.01

    An issue was discovered in Mattermost Server before 5.8.0. It mishandles brute-force attacks against MFA.

  • CVE-2019-20880HigJun 19, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. It allows attackers to cause a denial of service (memory consumption) via OpenGraph.

  • CVE-2018-21263HigJun 19, 2020
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response.

  • CVE-2018-21262HigJun 19, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text.

  • CVE-2018-21258HigJun 19, 2020
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command.

  • CVE-2018-21248HigJun 19, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials.

  • CVE-2017-18871HigJun 19, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service (application crash) via an @ character before a JavaScript field name.

  • CVE-2019-20874HigJun 19, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during a role change.

  • CVE-2019-20871HigJun 19, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdown library allows catastrophic backtracking.

  • CVE-2019-20868HigJun 19, 2020
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated.

  • CVE-2019-20865HigJun 19, 2020
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. The login page allows CSRF.

  • CVE-2019-20864HigJun 19, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Mattermost Plugins before 5.13.0. The GitHub plugin allows an attacker to attach his Mattermost account to a different person's GitHub account.

  • CVE-2019-20863HigJun 19, 2020
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 5.13.0. Incoming webhook creation is not properly restricted.

  • CVE-2019-20862HigJun 19, 2020
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 5.13.0. Non-members may fetch a team's slash commands.

  • CVE-2019-20861HigJun 19, 2020
    risk 0.50cvss 8.8epss 0.02

    An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link.

  • CVE-2019-20859HigJun 19, 2020
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 5.15.0. Login access control can be bypassed via crafted input.

  • CVE-2019-20858HigJun 19, 2020
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint.

  • CVE-2019-20857HigJun 19, 2020
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters.

  • CVE-2019-20855HigJun 19, 2020
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6. It allows attackers to obtain sensitive information (local files) during legacy attachment migration.

  • CVE-2019-20854HigJun 19, 2020
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message.

  • CVE-2019-20852HigJun 19, 2020
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in Mattermost Mobile Apps before 1.26.0. Local logging is not blocked for sensitive information (e.g., server addresses or message content).

  • CVE-2020-14459HigJun 19, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002.

  • CVE-2020-14458HigJun 19, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 5.19.0. Attackers can discover private channels via the "get channel by name" API, aka MMSA-2020-0004.

  • CVE-2020-14456HigJun 19, 2020
    risk 0.47cvss 7.3epss 0.00

    An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006.

  • CVE-2020-14453HigJun 19, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 5.21.0. Socket read operations are not appropriately restricted, which allows attackers to cause a denial of service, aka MMSA-2020-0005.

  • CVE-2020-14451HigJun 19, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Mattermost Mobile Apps before 1.29.0. The iOS app allowed Single Sign-On cookies and Local Storage to remain after a logout, aka MMSA-2020-0013.

  • CVE-2020-14450HigJun 19, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 5.22.0. The markdown renderer allows attackers to cause a denial of service (client-side), aka MMSA-2020-0017.

  • CVE-2020-14449HigJun 19, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Mattermost Mobile Apps before 1.30.0. Authorization tokens can sometimes be disclosed to third-party servers, aka MMSA-2020-0018.

  • CVE-2020-14448HigJun 19, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0020.

  • CVE-2020-14447HigJun 19, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 5.23.0. Large webhook requests allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0021.

  • CVE-2019-20848HigJun 19, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Quick Reply feature mishandles crafted replies.

  • CVE-2019-20846HigJun 19, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage.

  • CVE-2019-20845HigJun 19, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a denial of service (memory consumption) via a large Slack import.

  • CVE-2019-20843HigJun 19, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files.

  • CVE-2019-20842HigJun 19, 2020
    risk 0.47cvss 7.2epss 0.01

    An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There is SQL injection by admins via SearchAllChannels.

  • CVE-2019-20841HigJun 19, 2020
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks.

  • CVE-2020-7679HigJun 19, 2020
    risk 0.48cvss 7.3epss 0.02

    In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution.

  • CVE-2020-14019HigJun 19, 2020
    risk 0.44cvss 7.8epss 0.00

    Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.

  • CVE-2020-5590HigJun 19, 2020
    risk 0.53cvss 8.1epss 0.02

    Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.

  • CVE-2020-4059HigJun 18, 2020
    risk 0.41cvss 7.3epss 0.03

    In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in…

  • CVE-2020-12887HigJun 18, 2020
    risk 0.00cvss 7.5epss 0.02

    Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP option number field of all options…

  • CVE-2020-12885HigJun 18, 2020
    risk 0.00cvss 7.5epss 0.01

    An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options in a while loop. This loop's exit condition is computed…