13 matches found

OSV
added 2026/03/16 2:19 p.m. | 2 views

UBUNTU-CVE-2026-2921

GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending o...

CVSS 7.8 | AI score 6.3 | EPSS 0.00041
Exploits: 0 | References: 5
Nuclei
added 2026/02/04 7:0 a.m. | 83 views

VICIdial Sensitive Information Disclosure

VICIdial's Web Client is susceptible to information disclosure because it contains many sensitive files that can be accessed from the client side. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IP's, User-Agents,...

AI score 6.6
Exploits: 0 | References: 1
NVD
added 2024/03/15 7:15 p.m. | 12 views

CVE-2024-28854

tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using...

CVSS 7.5 | AI score 7.4 | EPSS 0.00178
Exploits: 1 | References: 3
Vulnrichment
added 2024/03/15 6:54 p.m. | 23 views

CVE-2024-28854 Slow loris vulnerability with default configuration in tls-listener

tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using...

CVSS 7.5 | AI score 7 | EPSS 0.00178
Exploits: 1 | References: 3
Cvelist
added 2024/03/15 6:54 p.m. | 15 views

CVE-2024-28854 Slow loris vulnerability with default configuration in tls-listener

tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using...

CVSS 7.5 | AI score 7.6 | EPSS 0.00178
Exploits: 1 | References: 3
CVE
added 2024/03/15 6:54 p.m. | 58 views

CVE-2024-28854

tls-listener is a Rust wrapper for a TLS connection listener. The default configuration allows a malicious actor to open multiple TCP connections per second and send zero bytes, triggering a slowloris-style DoS. The issue affects public services using tls-listener with default settings in version...

CVSS 7.5 | AI score 7.4 | EPSS 0.00178
Exploits: 1 | References: 3 | Affected Software: 1
Circl
added 2024/03/15 6:29 a.m. | 3 views

CVE-2024-28854

creationtimestamp | type | source
---|---|---
2024-03-15 06:29:26+00:00 | published-proof-of-concept | https://github.com/tmccombs/tls-listener/security/advisories/GHSA-2qph-qpvm-2qf7
2024-03-15 20:21:39+00:00 | seen | https://t.me/ctinow/209091
2024-03-15 20:26:33+00:00 | seen | https://t.me/ctinow/2090...

CVSS 7.5 | AI score 5.7 | EPSS 0.00178
Exploits: 1 | References: 3
Circl
added 2023/04/03 10:24 p.m. | 1 views

CVE-2023-28854

creationtimestamp | type | source
---|---|---
2023-04-03 22:24:52+00:00 | seen | https://t.me/cibsecurity/61346...

CVSS 8.8 | AI score 7.3 | EPSS 0.07606
Exploits: 0 | References: 1
NVD
added 2023/04/03 6:15 p.m. | 8 views

CVE-2023-28854

nophp is a PHP web framework. Prior to version 0.0.1, nophp is vulnerable to shell command injection on httpd user. A patch was made available at commit e5409aa2d441789cbb35f6b119bef97ecc3986aa on 2023-03-30. Users should update index.php to 2023-03-30 or later or, as a workaround, add a function...

CVSS 8.8 | AI score 8.4 | EPSS 0.07606
Exploits: 0 | References: 3
CVE
added 2023/04/03 5:55 p.m. | 32 views

CVE-2023-28854

CVE-2023-28854 affects the nophp PHP web framework (versions prior to 0.0.1). The vulnerability is a shell command injection on the httpd user. A patch was released at commit e5409aa2d441789cbb35f6b119bef97ecc3986aa (2023-03-30). Remediation: upgrade index.php to 2023-03-30 or later. As a workaro...

CVSS 8.8 | AI score 8.7 | EPSS 0.07606
Exploits: 0 | References: 3 | Affected Software: 1
Circl
added 2022/09/16 10:35 p.m. | 2 views

CVE-2022-28854

creationtimestamp | type | source
---|---|---
2022-09-16 22:35:19+00:00 | seen | https://t.me/cibsecurity/49975...

CVSS 5.5 | AI score 6.2 | EPSS 0.00162
Exploits: 0 | References: 1
CVE
added 2022/09/16 5:20 p.m. | 58 views

CVE-2022-28854

CVE-2022-28854 affects Adobe InDesign 16.x (before 16.4.3) and 17.x (before 17.4). The issue is an out-of-bounds read that can disclose memory and potentially bypass ASLR. Exploitation requires user interaction (victim opens a malicious file). Public details across connected sources confirm the v...

CVSS 5.5 | AI score 5.2 | EPSS 0.00162
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2022/09/16 5:20 p.m. | 7 views

CVE-2022-28854 Adobe InDesign 2022 Out-of-Bound Read Memory leak

Adobe InDesign versions 16.4.2 and earlier and 17.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user...

CVSS 5.5 | AI score 5 | EPSS 0.00162
Exploits: 0 | References: 1