Total
34060 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-20876 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Users can deactivate themselves, bypassing a policy. | ||||
| CVE-2019-20874 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during a role change. | ||||
| CVE-2019-20873 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during user activation/deactivation. | ||||
| CVE-2019-20869 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8.2, and 4.10.9. A non-member could change the Update/Patch Channel endpoint for a private channel. | ||||
| CVE-2019-20867 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Mattermost Server before 5.11.0. An attacker can interfere with a channel's post loading via one crafted post. | ||||
| CVE-2019-20864 | 1 Mattermost | 1 Mattermost Plugins | 2024-11-21 | 7.5 High |
| An issue was discovered in Mattermost Plugins before 5.13.0. The GitHub plugin allows an attacker to attach his Mattermost account to a different person's GitHub account. | ||||
| CVE-2019-20863 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.13.0. Incoming webhook creation is not properly restricted. | ||||
| CVE-2019-20862 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.13.0. Non-members may fetch a team's slash commands. | ||||
| CVE-2019-20861 | 1 Mattermost | 1 Mattermost Desktop | 2024-11-21 | 8.8 High |
| An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link. | ||||
| CVE-2019-20860 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.5 Medium |
| An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5.12.6, and 5.9.4. It allows remote attackers to cause a denial of service (application hang) via a crafted SVG document. | ||||
| CVE-2019-20859 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.15.0. Login access control can be bypassed via crafted input. | ||||
| CVE-2019-20857 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters. | ||||
| CVE-2019-20855 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6. It allows attackers to obtain sensitive information (local files) during legacy attachment migration. | ||||
| CVE-2019-20854 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message. | ||||
| CVE-2019-20847 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a user_typing WebSocket event to any channel. | ||||
| CVE-2019-20835 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has homograph mishandling. | ||||
| CVE-2019-20832 | 1 Foxitsoftware | 1 Phantompdf | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Foxit PhantomPDF before 8.3.10. It has homograph mishandling. | ||||
| CVE-2019-20809 | 1 Compound | 1 Price Oracle | 2024-11-21 | 7.5 High |
| The price oracle in PriceOracle.sol in Compound Finance Compound Price Oracle 1.0 through 2.0 allows a price poster to set an invalid asset price via the setPrice function, and consequently violate the intended limits on price swings. | ||||
| CVE-2019-20784 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (MTK chipsets) software. Interaction of GPS with 911 emergency calls is mishandled. The LG ID is LVE-SMP-180012 (January 2019). | ||||
| CVE-2019-20783 | 1 Google | 1 Android | 2024-11-21 | 9.1 Critical |
| An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (North America CDMA) software. The LTE protocol implementation allows a bypass of AKA (Authentication and Key Agreement). The LG ID is LVE-SMP-180014 (February 2019). | ||||