Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-34458: Relayed transactions always increment nonce

mx-chain-go is the official implementation of the MultiversX blockchain protocol, written in golang. When executing a relayed transaction, if the inner transaction failed, it would have increased the inner transaction's sender account nonce. This could have contributed to a limited DoS attack on a targeted account. The fix is a breaking change so a new flag `RelayedNonceFixEnableEpoch` was needed. This was a strict processing issue while validating blocks on a chain. This vulnerability has been patched in version 1.4.17.

CVE
Open in Source
#vulnerability#git
CVE-2022-42045: GitHub - ReCryptLLC/CVE-2022-42045

Certain Zemana products are vulnerable to Arbitrary code injection. This affects Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28.

CVE-2023-30559: BD Alaris™ System with Guardrails™ Suite MX

The firmware update package for the wireless card is not properly signed and can be modified.

CVE-2023-37786: GitHub - CrownZTX/reflectedxss1: Reflected XSS Vulnerabilitiy in public_html/admin/configuration.php of Geeklog v2.2.2

Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settings[backend], Mail Settings[host], Mail Settings[port] and Mail Settings[auth] parameters of the /admin/configuration.php.

CVE-2023-37787: GitHub - CrownZTX/storedXSS: Geeklog v2.2.2 is vulnerable to Stored Cross-Site Scripting (XSS) in public_html/admin/router.php

Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php.

CVE-2023-30151: [CVE-2023-30151] Improper neutralization of SQL parameters in the Boxtal (envoimoinscher) module from Boxtal for PrestaShop

A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote authenticated users to execute arbitrary SQL commands via the `key` GET parameter.

CVE-2023-37785: GitHub - CrownZTX/cve-description: ImpressCMS <= 1.4.5 is vulnerable to Stored Cross-Site Scripting (XSS) in ./editprofile.php

A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of the component /editprofile.php.

CVE-2023-33768: Wemo Smart Plug (Simple Setup Smart Outlet for Smart Home, Control Lights and Devices Remotely Works w/Alexa, Google Assistant, Apple HomeKit)(Pack of 1) - - Amazon.com

Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted firmware file.

CVE-2023-37745: Maid Hiring Management System | Maid Hiring Management Project in PHP

A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Description of the /admin/aboutus.php component.

CVE-2023-37743: Teacher Subject Allocation Management System in PHP | Teacher Subject Allocation Management Project

A cross-site scripting (XSS) vulnerability in Teacher Subject Allocation System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search text box.