Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-21260 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.0 MEDIUM | 2.7 LOW |
| An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. WebSocket events were accidentally sent during certain user-management operations, violating user privacy. | |||||
| CVE-2020-13427 | 1 Victorcms Project | 1 Victorcms | 2020-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user via the user_name, user_firstname, or user_lastname parameter. | |||||
| CVE-2019-20891 | 1 Woocommerce | 1 Woocommerce | 2020-06-25 | 6.8 MEDIUM | 8.8 HIGH |
| WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php. | |||||
| CVE-2017-18908 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address. | |||||
| CVE-2016-5845 | 1 Sap | 1 Sapcar | 2020-06-25 | 2.1 LOW | 5.5 MEDIUM |
| SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (program crash) via an invalid file name in an archive file, aka SAP Security Note 2312905. | |||||
| CVE-2018-18755 | 1 K-iwi | 1 K-iwi | 2020-06-25 | 7.5 HIGH | 9.8 CRITICAL |
| K-iwi Framework 1775 has SQL Injection via the admin/user/group/update user_group_id parameter or the admin/user/user/update user_id parameter. | |||||
| CVE-2018-19286 | 1 Mubu | 1 Curtain | 2020-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| The server in mubu note 2018-11-11 has XSS by configuring an account with a crafted name value (along with an arbitrary username value), and then creating and sharing a note. | |||||
| CVE-2020-14456 | 1 Mattermost | 1 Mattermost Desktop | 2020-06-25 | 7.5 HIGH | 7.3 HIGH |
| An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006. | |||||
| CVE-2020-14455 | 1 Mattermost | 1 Mattermost Desktop | 2020-06-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007. | |||||
| CVE-2020-14454 | 1 Mattermost | 1 Mattermost Desktop | 2020-06-25 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008. | |||||
| CVE-2019-17603 | 1 Asus | 1 Aura Sync | 2020-06-25 | 7.2 HIGH | 7.8 HIGH |
| Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service (system crash) or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption. | |||||
| CVE-2020-14149 | 1 Troglobit | 1 Uftpd | 2020-06-25 | 5.0 MEDIUM | 7.5 HIGH |
| In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command. | |||||
| CVE-2020-4062 | 1 Cyberark | 1 Conjur Oss Helm Chart | 2020-06-25 | 7.7 HIGH | 9.0 CRITICAL |
| In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the attacker's privileges to assume full control. A malicious actor who knows the IP address and port number of the Postgres database and has access into the Kubernetes cluster where Conjur runs can gain full read & write access to the Postgres database. This enables the attacker to write a policy that allows full access to retrieve any secret. This Helm chart is a method to install Conjur OSS into a Kubernetes environment. Hence, the systems impacted are only Conjur OSS systems that were deployed using this chart. Other deployments including Docker and the CyberArk Dynamic Access Provider (DAP) are not affected. To remediate this vulnerability, clone the latest Helm Chart and follow the upgrade instructions. If you are not able to fully remediate this vulnerability immediately, you can mitigate some of the risk by making sure Conjur OSS is deployed on an isolated Kubernetes cluster or namespace. The term "isolated" refers to: - No other workloads besides Conjur OSS and its backend database are running in that Kubernetes cluster/namespace. - Kubernetes and helm access to the cluster/namespace is limited to security administrators via Role-Based Access Control (RBAC). | |||||
| CVE-2019-20847 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a user_typing WebSocket event to any channel. | |||||
| CVE-2020-3658 | 1 Qualcomm | 88 Apq8009, Apq8009 Firmware, Apq8017 and 85 more | 2020-06-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2020-10374 | 1 Paessler | 1 Prtg Network Monitor | 2020-06-25 | 7.5 HIGH | 9.8 CRITICAL |
| A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via a crafted POST request or the what parameter of the screenshot function in the Contact Support form. | |||||
| CVE-2020-3635 | 1 Qualcomm | 68 Apq8053, Apq8053 Firmware, Apq8096au and 65 more | 2020-06-25 | 4.6 MEDIUM | 7.8 HIGH |
| Stack based overflow If the maximum number of arguments allowed per request in perflock exceeds in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, Saipan, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2020-3660 | 1 Qualcomm | 74 Apq8009, Apq8009 Firmware, Apq8017 and 71 more | 2020-06-25 | 7.5 HIGH | 9.8 CRITICAL |
| Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130 | |||||
| CVE-2020-3661 | 1 Qualcomm | 88 Apq8009, Apq8009 Firmware, Apq8017 and 85 more | 2020-06-25 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow will happen while parsing mp4 clip with corrupted sample atoms values which exceeds MAX_UINT32 range due to lack of validation checks in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2016-11075 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API. | |||||
| CVE-2016-11077 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.0 MEDIUM | 2.7 LOW |
| An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account. | |||||
| CVE-2016-11078 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI. | |||||
| CVE-2016-11079 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL. | |||||
| CVE-2016-11080 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details. | |||||
| CVE-2016-11081 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser. | |||||
| CVE-2016-11082 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link. | |||||
| CVE-2016-11083 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window. | |||||
| CVE-2017-18905 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled. | |||||
| CVE-2020-12884 | 1 Arm | 1 Mbed Os | 2020-06-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options that may occur multiple consecutive times in a single packet. While processing the options, packet_data_pptr is accessed after being incremented by option_len without a prior out-of-bounds memory check. The temp_parsed_uri_query_ptr is validated for a correct range, but the range valid for temp_parsed_uri_query_ptr is derived from the amount of allocated heap memory, not the actual input size. Therefore the check of temp_parsed_uri_query_ptr may be insufficient for safe access to the area pointed to by packet_data_pptr. As a result, access to a memory area outside of the intended boundary of the packet buffer is made. | |||||
| CVE-2020-12885 | 1 Arm | 1 Mbed Os | 2020-06-25 | 7.8 HIGH | 7.5 HIGH |
| An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options in a while loop. This loop's exit condition is computed using the previously allocated heap memory required for storing the result of parsing multiple options. If the input heap memory calculation results in zero bytes, the loop exit condition is never met and the loop is not terminated. As a result, the packet parsing function never exits, leading to resource consumption. | |||||
| CVE-2020-12886 | 1 Arm | 1 Mbed Os | 2020-06-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP packet header starting from the message token. The length of the token in the received message is provided in the first byte parsed by the sn_coap_parser_options_parse() function. The length encoded in the message is not validated against the actual input buffer length before accessing the token. As a result, memory access outside of the intended boundary of the buffer may occur. | |||||
| CVE-2018-11813 | 1 Ijg | 1 Libjpeg | 2020-06-25 | 5.0 MEDIUM | 7.5 HIGH |
| libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF. | |||||
| CVE-2020-14151 | 2020-06-25 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-11813. Reason: This candidate is a duplicate of CVE-2018-11813. Notes: All CVE users should reference [ID] instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2016-11071 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place. | |||||
| CVE-2017-18903 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 5.1 MEDIUM | 8.8 HIGH |
| An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled. | |||||
| CVE-2017-18904 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file. | |||||
| CVE-2017-18909 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.3 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory. | |||||
| CVE-2017-18910 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links. | |||||
| CVE-2016-11063 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview. | |||||
| CVE-2016-11070 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values. | |||||
| CVE-2016-11073 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting. | |||||
| CVE-2019-14094 | 1 Qualcomm | 128 Apq8009, Apq8009 Firmware, Apq8053 and 125 more | 2020-06-25 | 4.6 MEDIUM | 7.8 HIGH |
| Integer overflow in diag command handler when user inputs a large value for number of tasks field in the request packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096AU, APQ8098, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QM215, Rennell, SA415M, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2020-3614 | 1 Qualcomm | 110 Apq8009, Apq8009 Firmware, Apq8017 and 107 more | 2020-06-25 | 7.5 HIGH | 9.8 CRITICAL |
| Possible buffer overflow while copying the frame to local buffer due to lack of check of length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6574AU, QCA6584AU, QCA9377, QCA9379, QCA9886, QCM2150, QCS405, QCS605, QM215, Rennell, SC7180, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130 | |||||
| CVE-2020-3626 | 1 Qualcomm | 72 Apq8053, Apq8053 Firmware, Apq8096au and 69 more | 2020-06-25 | 4.6 MEDIUM | 7.8 HIGH |
| Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2019-8377 | 2 Appneta, Fedoraproject | 2 Tcpreplay, Fedora | 2020-06-25 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
| CVE-2020-12740 | 1 Appneta | 1 Tcpreplay | 2020-06-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c. | |||||
| CVE-2020-8831 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2020-06-24 | 2.1 LOW | 5.5 MEDIUM |
| Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport's lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22. | |||||
| CVE-2020-8833 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2020-06-24 | 1.9 LOW | 4.7 MEDIUM |
| Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash files of size 0. A symlink with the same name as the deleted file can then be created upon which chown will be called, changing the file owner to root. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22. | |||||
| CVE-2016-11067 | 1 Mattermost | 1 Mattermost Server | 2020-06-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang. | |||||
| CVE-2017-18877 | 1 Mattermost | 1 Mattermost Server | 2020-06-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page. | |||||