{"vulnerability": "cve-2019-2084", "sightings": [{"uuid": "0f29c538-9717-4da6-b42c-220ce6d2cbb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20847", "type": "seen", "source": "https://t.me/cibsecurity/12880", "content": "ATENTION\u203c New - CVE-2019-20847\n\nAn issue was discovered in Mattermost Server before 5.18.0. An attacker can send a user_typing WebSocket event to any channel.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-06-19T18:55:16.000000Z"}, {"uuid": "b95a75e3-2cb0-4670-967b-6f5bcc1763cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20846", "type": "seen", "source": "https://t.me/cibsecurity/12881", "content": "ATENTION\u203c New - CVE-2019-20846\n\nAn issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-06-19T18:55:17.000000Z"}, {"uuid": "ae002fe8-92cf-4131-ad47-02fe7ca71110", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20845", "type": "seen", "source": "https://t.me/cibsecurity/12882", "content": "ATENTION\u203c New - CVE-2019-20845\n\nAn issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a denial of service (memory consumption) via a large Slack import.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-06-19T18:55:18.000000Z"}, {"uuid": "e5a4d696-7f73-4992-a49f-2f09b4acd8d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20844", "type": "seen", "source": "https://t.me/cibsecurity/12883", "content": "ATENTION\u203c New - CVE-2019-20844\n\nAn issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-06-19T18:55:19.000000Z"}, {"uuid": "cdf61ee5-0e91-49ea-a711-d6b67a246cab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20843", "type": "seen", "source": "https://t.me/cibsecurity/12884", "content": "ATENTION\u203c New - CVE-2019-20843\n\nAn issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-06-19T18:55:21.000000Z"}, {"uuid": "44ed34bc-99ff-41c6-ab93-9bd28db3dab9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20841", "type": "seen", "source": "https://t.me/cibsecurity/12886", "content": "ATENTION\u203c New - CVE-2019-20841\n\nAn issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-06-19T18:55:23.000000Z"}, {"uuid": "a8414439-96fb-4778-ade9-079065ed430f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20842", "type": "seen", "source": "https://t.me/cibsecurity/12885", "content": "ATENTION\u203c New - CVE-2019-20842\n\nAn issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There is SQL injection by admins via SearchAllChannels.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-06-19T18:55:22.000000Z"}, {"uuid": "be581edc-de77-4706-9cc9-94abbb097c46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20840", "type": "seen", "source": "https://t.me/cibsecurity/12816", "content": "ATENTION\u203c New - CVE-2019-20840\n\nAn issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-06-17T20:55:34.000000Z"}]}