CWE:
 

| | Topic | Date | Author |
|---|---|---|---|
| Low | Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment | 28.04.2019 | Cisco Talos |
| High | aws-cfn-bootstrap Local Code Execution | 04.12.2017 | Harry Sintonen |
| Med. | SAP HANA SPS09 1.00.091.00.1418659308 EXPORT Information Disclosure | 22.08.2016 | Multiple |
| Low | Samsung SNS Provider Application For Android Access Theft | 13.03.2015 | Sadosky |


CVEMAP Search Results

2020-06-19

| CVE | Details | Description |
|---|---|---|
| Medium CVE-2017-18886 | Vendor: Mattermost; Software: Mattermost s... | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands. |
| Low CVE-2018-21253 | Vendor: Mattermost; Software: Mattermost s... | An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user. |
| Medium CVE-2019-20875 | Vendor: Mattermost; Software: Mattermost s... | An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows a password reset to proceed while an e-mail address is being changed. |
| Medium CVE-2019-20876 | Vendor: Mattermost; Software: Mattermost s... | An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Users can deactivate themselves, bypassing a policy. |
| Low CVE-2019-20879 | Vendor: Mattermost; Software: Mattermost s... | An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry. |
| Low CVE-2019-20883 | Vendor: Mattermost; Software: Mattermost s... | An issue was discovered in Mattermost Server before 5.8.0, when Town Square is set to Read-Only. Users can pin or unpin a post. |
| Medium CVE-2019-20884 | Vendor: Mattermost; Software: Mattermost s... | An issue was discovered in Mattermost Server before 5.8.0. It allows attackers to partially attach a file to more than one post. |
| Low CVE-2019-20887 | Vendor: Mattermost; Software: Mattermost s... | An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. It does not honor flags API permissions when deciding whether a user can receive intra-team posts. |
| Medium CVE-2017-18916 | Vendor: Mattermost; Software: Mattermost s... | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction. |
| Medium CVE-2017-18894 | Vendor: Mattermost; Software: Mattermost s... | An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes, resource-owner authorization is bypassed, allowing account takeover. |


Copyright 2020, cxsecurity.com