Filtered by vendor Mattermost
Subscribe
Total
280 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-11068 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection. | |||||
| CVE-2017-18895 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint. | |||||
| CVE-2019-20858 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint. | |||||
| CVE-2019-20866 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 5.12.0. Use of a Proxy HTTP header, rather than the source address in an IP packet header, for obtaining IP address information was mishandled. | |||||
| CVE-2018-21257 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for setting a channel header) via the Channel header slash command API. | |||||
| CVE-2016-11065 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance. | |||||
| CVE-2018-21252 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups. | |||||
| CVE-2019-20854 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message. | |||||
| CVE-2017-18893 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS. | |||||
| CVE-2017-18873 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service (channel invisibility) via a misformatted post. | |||||
| CVE-2019-20843 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files. | |||||
| CVE-2018-21248 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials. | |||||
| CVE-2016-11071 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place. | |||||
| CVE-2018-21259 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 4.10.1, 4.9.4, and 4.8.2. It allows attackers to cause a denial of service (application hang) via a malformed link in a channel. | |||||
| CVE-2020-14448 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0020. | |||||
| CVE-2017-18908 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address. | |||||
| CVE-2018-21264 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. It did not enforce the expiration date of a SAML response. | |||||
| CVE-2017-18914 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist. | |||||
| CVE-2017-18902 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints. | |||||
| CVE-2020-14460 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth application does not always require admin privileges, aka MMSA-2020-0001. | |||||