An issue was discovered in Mattermost Server before 5.1. An attacker can bypass intended access control (for direct-message channel creation) via the Message slash command.
CWE-732
CVE-2018-21255
An issue was discovered in Mattermost Server before 5.1. Non-members of a channel could use the Channel PATCH API to modify that channel.
CVE-2018-21256
An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for group-message channel creation) via the Group message slash command.
CVE-2018-21081
An issue was discovered on Samsung mobile devices with N(7.x) software. In Dual Messenger, the second app can use the runtime permissions of the first app without a user’s consent. The Samsung ID is SVE-2017-11018 (March 2018).
CVE-2018-20936
cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308).
CVE-2018-20904
cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction (SEC-427).