CVE-2024-1402

MEDIUM Year: 2024
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-400
View all →

Vulnerability Description

Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post and to crash the server due to overloading when clients attempt to retrive the aforementioned post.

Related Vulnerabilities

CVE-2012-0049

MEDIUM
CVSS:4.3(Medium)

OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.

CWE-4002012

CVE-2016-7427

MEDIUM
CVSS:4.3(Medium)

The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packe...

CWE-4002016

CVE-2016-7428

MEDIUM
CVSS:4.3(Medium)

ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.

CWE-4002016

CVE-2018-15325

MEDIUM
CVSS:4.3(Medium)

In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, iControl and TMSH usage by authenticated users may leak a small amount of memory when executing commands

CWE-4002018

CVE-2019-13011

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute-force a user with access to a project, but not it's repository could create a list of merge requests template...

CWE-4002019

CVE-2020-13333

MEDIUM
CVSS:4.3(Medium)

A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks...

CWE-4002020