Latest CVE Feed
-
9.8
CRITICALCVE-2017-18885
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf.... Read more
Affected Products : mattermost_server- Published: Jun. 19, 2020
- Modified: Nov. 21, 2024
-
8.1
HIGHCVE-2017-18884
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens.... Read more
Affected Products : mattermost_server- Published: Jun. 19, 2020
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2017-18883
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data.... Read more
Affected Products : mattermost_server- Published: Jun. 19, 2020
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2017-18882
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data.... Read more
Affected Products : mattermost_server- Published: Jun. 19, 2020
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2017-18881
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via a goto_location response to a slash command.... Read more
Affected Products : mattermost_server- Published: Jun. 19, 2020
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2017-18880
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the title_link field of a Slack attachment.... Read more
Affected Products : mattermost_server- Published: Jun. 19, 2020
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2017-18879
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the author_link field of a Slack attachment.... Read more
Affected Products : mattermost_server- Published: Jun. 19, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2017-18878
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session.... Read more
Affected Products : mattermost_server- Published: Jun. 19, 2020
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2017-18877
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page.... Read more
Affected Products : mattermost_server- Published: Jun. 19, 2020
- Modified: Nov. 21, 2024
-
4.9
MEDIUMCVE-2017-18876
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file.... Read more
Affected Products : mattermost_server- Published: Jun. 19, 2020
- Modified: Nov. 21, 2024
-
4.9
MEDIUMCVE-2017-18875
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files.... Read more
Affected Products : mattermost_server- Published: Jun. 19, 2020
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2017-18874
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal.... Read more
Affected Products : mattermost_server- Published: Jun. 19, 2020
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2017-18873
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service (channel invisibility) via a misformatted post.... Read more
Affected Products : mattermost_server- Published: Jun. 19, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2017-18872
An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider.... Read more
Affected Products : mattermost_server- Published: Jun. 19, 2020
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2017-18871
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service (application crash) via an @ character before a JavaScript field name.... Read more
Affected Products : mattermost_server- Published: Jun. 19, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2017-18870
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case.... Read more
Affected Products : mattermost_server- Published: Jun. 19, 2020
- Modified: Nov. 21, 2024
-
2.5
LOWCVE-2017-18869
A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks.... Read more
Affected Products : chownr- Published: Jun. 15, 2020
- Modified: Nov. 21, 2024
-
7.7
HIGHCVE-2017-18868
Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built.... Read more
- Published: May. 21, 2020
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2017-18867
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6100 before 1.0.0.55, D7800 before V1.0.1.24, R7100LG before V1.0.0.32, WNDR4300v1 before 1.0.2.90, and WNDR4500v3 before 1.0.0.48.... Read more
Affected Products : wndr4500_firmware d7800_firmware r7100lg_firmware d6100_firmware wndr4300_firmware wndr4500 r7100lg d6100 d7800 wndr4300- Published: May. 05, 2020
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2017-18866
Certain NETGEAR devices are affected by stored XSS. This affects R9000 before 1.0.2.40, R6100 before 1.0.1.1, 6R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, WNDR4300v2 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.... Read more
Affected Products : r7800_firmware r9000_firmware r7500_firmware wndr4300_firmware wnr2000_firmware r6100_firmware 6r7500_firmware r6100 r7500 wndr4300 +4 more products- Published: May. 05, 2020
- Modified: Nov. 21, 2024