The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
-
CVE-2023-32823 - In rpmb, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07912966; Issue...
Published: October 01, 2023; 11:15:09 PM -0400
V3.1: 6.7 MEDIUM
-
CVE-2023-32822 - In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07994229; Issue...
Published: October 01, 2023; 11:15:09 PM -0400
V3.1: 6.7 MEDIUM
-
CVE-2023-32821 - In video, there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08013430; Issue...
Published: October 01, 2023; 11:15:09 PM -0400
V3.1: 6.7 MEDIUM
-
CVE-2023-32820 - In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS079...
Published: October 01, 2023; 11:15:09 PM -0400
V3.1: 7.5 HIGH
-
CVE-2023-32830 - In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03802522; Issu...
Published: October 01, 2023; 11:15:10 PM -0400
V3.1: 6.7 MEDIUM
-
CVE-2023-32819 - In display, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705;...
Published: October 01, 2023; 11:15:09 PM -0400
V3.1: 4.4 MEDIUM
-
CVE-2023-20819 - In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID...
Published: October 01, 2023; 11:15:09 PM -0400
V3.1: 9.8 CRITICAL
-
CVE-2023-38871 - The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This ...
Published: September 28, 2023; 12:15:12 AM -0400
V3.1: 5.3 MEDIUM
-
CVE-2022-47186 - There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the "upload" directory.
Published: September 28, 2023; 10:15:16 AM -0400
V3.1: 9.1 CRITICAL
-
CVE-2023-43044 - IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: ...
Published: September 28, 2023; 2:15:11 PM -0400
V3.1: 7.5 HIGH
-
CVE-2023-43663 - PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shop's functionality. Comm...
Published: September 28, 2023; 3:15:10 PM -0400
V3.1: 4.3 MEDIUM
-
CVE-2023-43664 - PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights. This iss...
Published: September 28, 2023; 3:15:10 PM -0400
V3.1: 4.3 MEDIUM
-
CVE-2023-38872 - An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the atta...
Published: September 28, 2023; 12:15:12 AM -0400
V3.1: 3.7 LOW
-
CVE-2023-38870 - A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'category_id' parameter is vulnerable to SQL Injection.
Published: September 28, 2023; 12:15:11 AM -0400
V3.1: 9.8 CRITICAL
-
CVE-2023-44273 - Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval.
Published: September 28, 2023; 12:15:12 AM -0400
V3.1: 9.8 CRITICAL
-
CVE-2023-38873 - The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on...
Published: September 28, 2023; 12:15:12 AM -0400
V3.1: 6.5 MEDIUM
-
CVE-2022-47187 - There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploa...
Published: September 28, 2023; 10:15:17 AM -0400
V3.1: 6.1 MEDIUM
-
CVE-2023-44080 - An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attacker to execute arbitrary code via a crafted request to the branchList component.
Published: September 27, 2023; 6:15:11 PM -0400
V3.1: 9.8 CRITICAL
-
CVE-2023-5112 - Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "specials_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a u...
Published: September 30, 2023; 7:15:40 PM -0400
V3.1: 5.4 MEDIUM
-
CVE-2023-5323 - Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0.
Published: September 30, 2023; 9:15:24 PM -0400
V3.1: 6.1 MEDIUM