Apache Answer Code Issue Vulnerability
Apache Answer is a community platform of the Apache USA Foundation. A denial of service vulnerability exists in Apache Answer 1.2.1 and earlier versions, which can be exploited by attackers to conduct pixel flooding attacks by uploading large pixelated files, resulting in a server out of memory...
PT-2024-16880 · WordPress · The Tutor Lms
Name of the Vulnerable Software and Affected Versions: The Tutor LMS – eLearning and online course solution plugin for WordPress versions up to, and including, 2.6.0 Description: The issue is due to insufficient sanitization of HTML input in the Q&A functionality, making it possible for...
Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.14 and earlier
Summary This fix upgrades to node 18.19.0. Vulnerability Details CVEID:CVE-2023-39332 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by a path traversal bypass using non-Buffer Uint8Array objects. By sending a specially crafted request, an attacker coul...
Race Condition
github.com/apache/incubator-answer is vulnerable to Race Condition. The vulnerability is due to inappropriate handling of collection count while a user bookmarks a question. Repeated submissions of bookmark through a script increases the number of collection of questions...
GHSA-F899-4MR4-FQPV Apache Answer Race Condition vulnerability
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarke...
Apache Answer Race Condition vulnerability
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarke...
CVE-2023-49619
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarke...
Race condition
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarke...
CVE-2023-49619 Apache Answer: Repeated submissions using scripts resulted in an abnormal number of collections for questions.
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarke...
CVE-2023-49619
CVE-2023-49619 concerns Apache Answer. A race condition arises from concurrent submissions that manipulate the bookmark/collection count for a question, allowing repeated submissions (e.g., via a script) to increase the number of collections beyond normal limits. Affected versions are Apache Answ...
PT-2024-13768 · Apache · Apache Answer
Name of the Vulnerable Software and Affected Versions: Apache Answer versions through 1.2.0 Description: The issue is related to a 'Race Condition' vulnerability due to improper synchronization when using shared resources. Normally, a user can only bookmark a question once, increasing the bookmar...
The vulnerability of the mm-answer-authpassword() function in the OpenSSH cryptographic protection mechanism allows a hacker to execute the Rowhammer attack and bypass the authentication process.
The vulnerability of the mm-answer-authpassword function in the OpenSSH cryptographic protection mechanism is related to deficiencies in the authentication process. This vulnerability arises when an operation exceeds the buffer boundaries in memory, resulting in bit manipulation errors. Exploitin...
Apache Answer Race Condition Vulnerability
Apache Answer is a community platform of the Apache USA Foundation. Apache Answer version 1.2.0 and prior versions suffer from a race condition vulnerability that stems from the fact that repeated submissions via scripting can increase the number of questions collected many times...
CVE-2023-51767
OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim...
latestAnswer() may return stale values
Lines of code 121, 122, 123, 124, 51 Vulnerability details latestAnswer only returns the latest answer or zero, and thus there is no way to tell whether the value is stale or not. Use latestRoundData instead, and check whether the latest timestamp is within your protocol's limits. File:...
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2023-2854)
The remote host is missing an update for the Huawei EulerOS...
answer Access Control Error Vulnerability (CNVD-2023-72246)
answer is an open source knowledge-based community software. An Access Control Error vulnerability exists in versions prior to answer v1.1.3 that stems from a lack of authentication for critical functions. An attacker can exploit the vulnerability to change roles, including administrator...
CVE-2023-4815 Missing Authentication for Critical Function in answerdev/answer
Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3...