Total
1229 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15697 | 1 Joomla | 1 Joomla\! | 2020-07-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by users. | |||||
| CVE-2020-5371 | 1 Dell | 2 Emc Isilon Onefs, Emc Powerscale Onefs | 2020-07-14 | 6.5 MEDIUM | 8.8 HIGH |
| Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage of insufficiently applied file permissions or gain unauthorized access to files. | |||||
| CVE-2020-12041 | 1 Baxter | 3 Sigma Spectrum Infusion System, Sigma Spectrum Infusion System Firmware, Wireless Battery Module | 2020-07-08 | 7.5 HIGH | 9.4 CRITICAL |
| The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) telnet Command-Line Interface, grants access to sensitive data stored on the WBM that permits temporary configuration changes to network settings of the WBM, and allows the WBM to be rebooted. Temporary configuration changes to network settings are removed upon reboot. | |||||
| CVE-2017-18878 | 1 Mattermost | 1 Mattermost Server | 2020-06-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session. | |||||
| CVE-2018-21256 | 1 Mattermost | 1 Mattermost Server | 2020-06-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for group-message channel creation) via the Group message slash command. | |||||
| CVE-2018-21252 | 1 Mattermost | 1 Mattermost Server | 2020-06-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups. | |||||
| CVE-2017-18872 | 1 Mattermost | 1 Mattermost Server | 2020-06-30 | 3.5 LOW | 4.3 MEDIUM |
| An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider. | |||||
| CVE-2018-21265 | 1 Mattermost | 1 Mattermost Desktop | 2020-06-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler (e.g., video, audio, and notifications). | |||||
| CVE-2018-21261 | 1 Mattermost | 1 Mattermost Server | 2020-06-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. An e-mail invite accidentally included the team invite_id, which leads to unintended excessive invitation privileges. | |||||
| CVE-2018-21255 | 1 Mattermost | 1 Mattermost Server | 2020-06-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Mattermost Server before 5.1. Non-members of a channel could use the Channel PATCH API to modify that channel. | |||||
| CVE-2018-21254 | 1 Mattermost | 1 Mattermost Server | 2020-06-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Mattermost Server before 5.1. An attacker can bypass intended access control (for direct-message channel creation) via the Message slash command. | |||||
| CVE-2017-18870 | 1 Mattermost | 1 Mattermost Server | 2020-06-29 | 3.5 LOW | 4.3 MEDIUM |
| An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case. | |||||
| CVE-2017-18876 | 1 Mattermost | 1 Mattermost Server | 2020-06-29 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file. | |||||
| CVE-2017-18875 | 1 Mattermost | 1 Mattermost Server | 2020-06-29 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files. | |||||
| CVE-2018-21253 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user. | |||||
| CVE-2017-18886 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands. | |||||
| CVE-2016-11065 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance. | |||||
| CVE-2016-11062 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed. | |||||
| CVE-2017-18896 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint. | |||||
| CVE-2017-18894 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 5.5 MEDIUM | 8.1 HIGH |
| An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes. resource-owner authorization is bypassed, allowing account takeover. | |||||