Product:

Mattermost_server

(Mattermost)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 215
Date Id Summary Products Score Patch Annotated
2020-06-19 CVE-2019-20865 An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. The login page allows CSRF. Mattermost_server N/A
2020-06-19 CVE-2019-20862 An issue was discovered in Mattermost Server before 5.13.0. Non-members may fetch a team's slash commands. Mattermost_server N/A
2020-06-19 CVE-2019-20858 An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint. Mattermost_server N/A
2020-06-19 CVE-2019-20857 An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters. Mattermost_server N/A
2020-06-19 CVE-2019-20854 An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message. Mattermost_server N/A
2020-06-19 CVE-2018-21258 An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command. Mattermost_server N/A
2020-06-19 CVE-2018-21249 An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing. Mattermost_server N/A
2020-06-19 CVE-2017-18920 An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy. Mattermost_server N/A
2020-06-19 CVE-2017-18918 An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname. Mattermost_server N/A
2020-06-19 CVE-2017-18917 An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens. Mattermost_server N/A