8 matches found
CVE-2020-25824
Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard. The threat model is a victim who has voluntarily opened Export Wizard but is then distracted. An attacker then approaches the unattended desktop and pushes the Export...
FreeBSD : mod_gnutls -- Infinite Loop on request read timeout (e8b20517-dbb6-11ed-bf28-589cfc0f81b0)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e8b20517-dbb6-11ed-bf28-589cfc0f81b0 advisory. - Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 including d...
CVE-2023-25824
creationtimestamp| type| source ---|---|--- 2023-02-24 00:48:39+00:00| seen| https://t.me/cibsecurity/58833...
CVE-2023-25824 mod_gnutls contains Infinite Loop on request read timeout
Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 including did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This coul...
CVE-2023-25824
CVE-2023-25824 affects the Mod_gnutls TLS module for Apache HTTPD (GnuTLS-based). Versions 0.9.0 through 0.12.0 do not properly fail blocking read operations on TLS connections when the transport times out, instead entering an endless loop that can consume CPU resources and, if trace logging is e...
CVE-2023-25824 mod_gnutls contains Infinite Loop on request read timeout
Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 including did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This coul...
CVE-2022-25824
CVE-2022-25824 affects Samsung BixbyTouch on China models, prior to version 2.2.00.6. Root cause is an improper access control that allows untrusted applications to load arbitrary URLs and local files in WebView. This is a local-attack surface with low likelihood of exploitation details not provi...
CVE-2020-25824
Telegram Desktop up to version 2.4.3 is vulnerable: when a user opens the Export Telegram Data wizard, pressing the Export key on an unattended, distracted desktop allows an attacker to access all chat conversations and media files because no passcode is required. Affected product: Telegram Deskt...