768 matches found
latestAnswer() may return stale values
Lines of code: 121, 122, 123, 124, 51. Vulnerability details: latestAnswer only returns the latest answer or zero, and thus there is no way to tell whether the value is stale or not. Use latestRoundData instead, and check whether the latest timestamp is within your protocol's limits. File:...
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2023-2854)
The remote host is missing an update for the Huawei EulerOS...
answer Access Control Error Vulnerability (CNVD-2023-72246)
answer is open source knowledge-based community software. An Access Control Error vulnerability exists in versions prior to answer v1.1.3 that stems from a lack of authentication for critical functions. An attacker can exploit the vulnerability to change roles, including administrator...
CVE-2023-4815 Missing Authentication for Critical Function in answerdev/answer
Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3...
Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.12 and earlier
Summary: This fix upgrades to node 18.16.1. Vulnerability Details: CVEID: CVE-2023-30584. DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by a path traversal bypass when verifying file permissions. By sending a specially crafted request, an attacker could...
Chatbot < 4.7.8 - Admin+ Stored XSS in FAQ Builder
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Navigate to "WPBot Lite - Setting -...
GHSA-V9VC-7X69-C2X8 Answer Missing Authorization vulnerability
Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1...
GHSA-J63X-F657-2M9G Answer has Weak Password Requirements
Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0...
CVE-2023-4127
Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1...
CVE-2023-4124
Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1...
CVE-2023-4126
Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0...
CVE-2023-4127 Race Condition within a Thread in answerdev/answer
Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1...
CVE-2023-4126 Insufficient Session Expiration in answerdev/answer
Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0...
CVE-2023-4125 Weak Password Requirements in answerdev/answer
Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0...
CVE-2023-4124 Missing Authorization in answerdev/answer
Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1...
PT-2023-27873 · Answer +3 · Answer +2
Name of the Vulnerable Software and Affected Versions: answer versions prior to 1.1.0. Description: The issue concerns insufficient session expiration. Recommendations: For versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue...