Filtered by vendor Mattermost
Subscriptions
Filtered by product Mattermost Desktop
Subscriptions
Total
12 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-5920 | 2 Apple, Mattermost | 2 Macos, Mattermost Desktop | 2023-11-09 | 3.3 Low |
Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input. | ||||
CVE-2023-5876 | 1 Mattermost | 1 Mattermost Desktop | 2023-11-09 | 5.3 Medium |
Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service. | ||||
CVE-2023-5875 | 1 Mattermost | 1 Mattermost Desktop | 2023-11-09 | 5.3 Medium |
Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server | ||||
CVE-2023-5339 | 1 Mattermost | 1 Mattermost Desktop | 2023-10-24 | 5.5 Medium |
Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged. | ||||
CVE-2023-2000 | 1 Mattermost | 1 Mattermost Desktop | 2023-05-09 | 5.4 Medium |
Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website | ||||
CVE-2019-20856 | 2 Apple, Mattermost | 2 Macos, Mattermost Desktop | 2021-09-08 | 9.8 Critical |
An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection. | ||||
CVE-2018-21265 | 1 Mattermost | 1 Mattermost Desktop | 2020-06-30 | 5.3 Medium |
An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler (e.g., video, audio, and notifications). | ||||
CVE-2019-20861 | 1 Mattermost | 1 Mattermost Desktop | 2020-06-26 | 8.8 High |
An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link. | ||||
CVE-2016-11064 | 1 Mattermost | 1 Mattermost Desktop | 2020-06-26 | 9.8 Critical |
An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection. | ||||
CVE-2020-14456 | 1 Mattermost | 1 Mattermost Desktop | 2020-06-25 | 7.3 High |
An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006. | ||||
CVE-2020-14455 | 1 Mattermost | 1 Mattermost Desktop | 2020-06-25 | 6.5 Medium |
An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007. | ||||
CVE-2020-14454 | 1 Mattermost | 1 Mattermost Desktop | 2020-06-25 | 6.1 Medium |
An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008. |
Page 1 of 1.