CVE-2023-33982
Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden service protocol.
Source: CVE-2023-33982
CVE-2023-33981
Briar before 1.4.22 allows attackers to spoof other users’ messages in a blog, forum, or private group, but each spoofed message would need to be an exact duplicate of a legitimate message displayed alongside the spoofed one.
Source: CVE-2023-33981
CVE-2023-33980
Bramble Synchronisation Protocol (BSP) in Briar before 1.4.22 allows attackers to cause a denial of service (repeated application crashes) via a series of long messages to a contact.
Source: CVE-2023-33980
CVE-2023-2870
A vulnerability was found in EnTech Monitor Asset Manager 2.9. It has been declared as problematic. Affected by this vulnerability is the function 0x80002014 of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier VDB-229849 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Source: CVE-2023-2870
CVE-2023-2871
A vulnerability was found in FabulaTech USB for Remote Desktop 6.1.0.0. It has been rated as problematic. Affected by this issue is the function 0x220448/0x220420/0x22040c/0x220408 of the component IoControlCode Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. VDB-229850 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Source: CVE-2023-2871
CVE-2023-2872
A vulnerability classified as problematic has been found in FlexiHub 5.5.14691.0. This affects the function 0x220088 in the library fusbhub.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229851. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Source: CVE-2023-2872
CVE-2023-2873
A vulnerability classified as critical was found in Twister Antivirus 8. This vulnerability affects the function 0x804f2143/0x804f217f/0x804f214b/0x80800043 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Source: CVE-2023-2873
CVE-2023-33950
Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs.
Source: CVE-2023-33950
CVE-2022-47446
Cross-Site Request Forgery (CSRF) vulnerability in Viadat Creations Store Locator for WordPress with Google Maps – LotsOfLocales plugin <= 3.98.7 versions.
Source: CVE-2022-47446
CVE-2022-47447
Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WordPress WP-Advanced-Search plugin <=Â 3.3.8 versions.
Source: CVE-2022-47447