|
315451
|
4.3 |
MEDIUM
Network
|
mattermost
|
mattermost
|
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbit…
|
NVD-CWE-noinfo
|
CVE-2024-29977
|
2024-08-23 23:52 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315452
|
6.4 |
MEDIUM
Network
|
mattermost
|
mattermost
|
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow the modification of local users when syncing users in shared channels. which allows a malicious rem…
|
NVD-CWE-noinfo
|
CVE-2024-36492
|
2024-08-23 23:51 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315453
|
6.5 |
MEDIUM
Network
|
mattermost
|
mattermost
|
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to properly validate that the channel that comes from the sync message is a shared channel, when shared chan…
|
NVD-CWE-noinfo
|
CVE-2024-39274
|
2024-08-23 23:39 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315454
|
9.6 |
CRITICAL
Network
|
mattermost
|
mattermost
|
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow unsolicited invites to expose access to local channels, when shared channels are enabled, which …
|
NVD-CWE-noinfo
|
CVE-2024-39777
|
2024-08-23 23:36 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315455
|
8.7 |
HIGH
Network
|
mattermost
|
mattermost
|
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly safeguard an error handling which allows a malicious remote to permanently delete local data by abu…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2024-39832
|
2024-08-23 23:35 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315456
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
RDMA/cma: Do not change route.addr.src_addr outside state checks
If the state is not idle then resolve_prepare_src() should immed…
|
CWE-416
Use After Free
|
CVE-2022-48925
|
2024-08-23 11:07 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315457
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
iio: adc: tsc2046: fix memory corruption by preventing array overflow
On one side we have indio_dev->num_channels includes all ph…
|
CWE-787
Out-of-bounds Write
|
CVE-2022-48927
|
2024-08-23 11:05 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315458
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: rndis: add spinlock for rndis response list
There's no lock for rndis response list. It could cause list corruption
…
|
NVD-CWE-noinfo
|
CVE-2022-48926
|
2024-08-23 11:05 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315459
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix crash due to out of bounds access into reg2btf_ids.
When commit e6ac2450d6de ("bpf: Support bpf program calling kernel f…
|
CWE-125
Out-of-bounds Read
|
CVE-2022-48929
|
2024-08-23 11:00 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315460
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
iio: adc: men_z188_adc: Fix a resource leak in an error handling path
If iio_device_register() fails, a previous ioremap() is lef…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2022-48928
|
2024-08-23 10:58 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
