CVE-2015-9548
An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed.
Source: CVE-2015-9548
[월:] 2020년 06월
CVE-2020-14929
CVE-2020-14929
Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do.
Source: CVE-2020-14929
CVE-2020-9495
CVE-2020-9495
Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. A attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users. By measuring the response time for the login request, arbitrary attribute data can be retrieved from LDAP user objects.
Source: CVE-2020-9495
CVE-2017-18912
CVE-2017-18912
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a log file.
Source: CVE-2017-18912
CVE-2017-18899
CVE-2017-18899
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting.
Source: CVE-2017-18899
CVE-2017-18902
CVE-2017-18902
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints.
Source: CVE-2017-18902
CVE-2017-18903
CVE-2017-18903
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled.
Source: CVE-2017-18903
CVE-2017-18897
CVE-2017-18897
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection.
Source: CVE-2017-18897
CVE-2017-18896
CVE-2017-18896
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint.
Source: CVE-2017-18896
CVE-2017-18901
CVE-2017-18901
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover a team invite ID by requesting a JSON document.
Source: CVE-2017-18901