SUSE CVE-2018-5740
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, ...
SUSE CVE-2019-18934
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with --enable-ipsecmod support, and ipsecmod is enabled and used in the configuration...
SUSE CVE-2021-45957
Dnsmasq 2.86 has a heap-based buffer overflow in answerrequest called from FuzzAnswerTheRequest and fuzzrfc1035.c. NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge...
SUSE CVE-2022-3736
BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and...
OESA-2023-1067 bind security update
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server ...
GHSA-65PX-4CPF-697R Cross-site scripting vulnerability found in answerdev/answer
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4...
Cross-site scripting vulnerability found in answerdev/answer
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4...
GHSA-HJMR-XM25-36MH Answer subject to Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/answer prior to 1.0.4...
GHSA-4CWH-8W4G-JXXH Answer contains Improper Access Control vulnerability
Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4...
Answer contains Improper Access Control vulnerability
Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4...
GHSA-P7WJ-C85F-XQ9H Answer has Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/answer prior to 1.0.4...
CVE-2023-0741
Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/answer prior to 1.0.4...
CVE-2023-0744
Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4...
CVE-2023-0743
Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/answer prior to 1.0.4...
CVE-2023-0742
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4...
Improper access control
Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4...
Answer vulnerable to Race Condition
Race Condition in Switch in GitHub repository answerdev/answer prior to 1.0.4...
CVE-2023-0739
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in GitHub repository answerdev/answer prior to 1.0.4...
PT-2023-16493 · Answerdev · Answer
Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.4. Description: The issue is a Cross-site Scripting (XSS) - Stored vulnerability found in the GitHub repository answerdev/answer. This type of vulnerability allows an attacker to inject malicious scripts in...
CVE-2023-0740
CVE-2023-0740 describes a stored Cross-site Scripting (XSS) vulnerability in the open‑source project answerdev/answer prior to version 1.0.4. Multiple sources (NVD, Red Hat, GHSA, OSV, PT‑Security, PRION) corroborate that inputs could be injected and stored, leading to script execution affecting...