Filtered by vendor Mattermost
Subscriptions
Filtered by product Mattermost Server
Subscriptions
Total
199 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-20872 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 5.5 Medium |
| An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services. | ||||
| CVE-2019-20889 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 5.3 Medium |
| An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It mishandles permissions for user-access token creation. | ||||
| CVE-2019-20886 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.8.0. The first user is sometimes inadvertently a system admin. | ||||
| CVE-2019-20882 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 5.3 Medium |
| An issue was discovered in Mattermost Server before 5.8.0. It does not honor the domain requirement when processing a join request for an open team. | ||||
| CVE-2019-20857 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters. | ||||
| CVE-2019-20858 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint. | ||||
| CVE-2019-20865 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 8.8 High |
| An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. The login page allows CSRF. | ||||
| CVE-2020-14448 | 1 Mattermost | 1 Mattermost Server | 2020-06-20 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0020. | ||||
| CVE-2018-21262 | 1 Mattermost | 1 Mattermost Server | 2020-06-20 | 7.5 High |
| An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text. | ||||
| CVE-2019-20888 | 1 Mattermost | 1 Mattermost Server | 2020-06-20 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It allows attackers to cause a denial of service (memory consumption) via an outgoing webhook or a slash command integration. | ||||
| CVE-2020-14450 | 1 Mattermost | 1 Mattermost Server | 2020-06-19 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.22.0. The markdown renderer allows attackers to cause a denial of service (client-side), aka MMSA-2020-0017. | ||||
| CVE-2019-20846 | 1 Mattermost | 1 Mattermost Server | 2020-06-19 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage. | ||||
| CVE-2019-20844 | 1 Mattermost | 1 Mattermost Server | 2020-06-19 | 6.5 Medium |
| An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel. | ||||
| CVE-2019-20842 | 1 Mattermost | 1 Mattermost Server | 2020-06-19 | 7.2 High |
| An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There is SQL injection by admins via SearchAllChannels. | ||||
| CVE-2019-20843 | 1 Mattermost | 1 Mattermost Server | 2020-06-19 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files. | ||||
| CVE-2020-14447 | 1 Mattermost | 1 Mattermost Server | 2020-06-19 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.23.0. Large webhook requests allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0021. | ||||
| CVE-2020-14459 | 1 Mattermost | 1 Mattermost Server | 2020-06-19 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002. | ||||
| CVE-2020-14453 | 1 Mattermost | 1 Mattermost Server | 2020-06-19 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.21.0. Socket read operations are not appropriately restricted, which allows attackers to cause a denial of service, aka MMSA-2020-0005. | ||||
| CVE-2020-14452 | 1 Mattermost | 1 Mattermost Server | 2020-06-19 | 5.3 Medium |
| An issue was discovered in Mattermost Server before 5.21.0. mmctl allows directory traversal via HTTP, aka MMSA-2020-0014. | ||||