Total
34490 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-25004 | 1 Google | 1 Flatbuffers | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness. | |||||
| CVE-2019-25002 | 1 Sodiumoxide Project | 1 Sodiumoxide | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties. | |||||
| CVE-2019-20908 | 3 Canonical, Linux, Opensuse | 3 Ubuntu Linux, Linux Kernel, Leap | 2024-11-21 | 6.9 MEDIUM | 6.7 MEDIUM |
| An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032. | |||||
| CVE-2019-20902 | 1 Atlassian | 1 Crowd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and from 3.5.0 before 3.5.1. | |||||
| CVE-2019-20899 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affected versions are before version 8.5.4, and from version 8.6.0 before 8.6.1. | |||||
| CVE-2019-20898 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. The affected versions are before version 8.8.0. | |||||
| CVE-2019-20890 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Mattermost Server before 5.7. It allows a bypass of e-mail address discovery restrictions. | |||||
| CVE-2019-20884 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 5.8.0. It allows attackers to partially attach a file to more than one post. | |||||
| CVE-2019-20883 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 3.5 LOW | 4.3 MEDIUM |
| An issue was discovered in Mattermost Server before 5.8.0, when Town Square is set to Read-Only. Users can pin or unpin a post. | |||||
| CVE-2019-20878 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Changes, within the application, to e-mail addresses are mishandled. | |||||
| CVE-2019-20877 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information about whether someone has 2FA enabled. | |||||
| CVE-2019-20876 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Users can deactivate themselves, bypassing a policy. | |||||
| CVE-2019-20874 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during a role change. | |||||
| CVE-2019-20873 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during user activation/deactivation. | |||||
| CVE-2019-20869 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8.2, and 4.10.9. A non-member could change the Update/Patch Channel endpoint for a private channel. | |||||
| CVE-2019-20867 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 5.11.0. An attacker can interfere with a channel's post loading via one crafted post. | |||||
| CVE-2019-20864 | 1 Mattermost | 1 Mattermost Plugins | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Plugins before 5.13.0. The GitHub plugin allows an attacker to attach his Mattermost account to a different person's GitHub account. | |||||
| CVE-2019-20863 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.13.0. Incoming webhook creation is not properly restricted. | |||||
| CVE-2019-20862 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.13.0. Non-members may fetch a team's slash commands. | |||||
| CVE-2019-20861 | 1 Mattermost | 1 Mattermost Desktop | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link. | |||||