UBUNTU-CVE-2022-3924

This issue can affect BIND 9 resolvers with stale-answer-enable yes; that also make use of the option stale-answer-client-timeout, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clien...

ISC BIND 安全漏洞

ISC BIND is a suite of open source software that implements the DNS protocol from the American company ISC. A security vulnerability exists in BIND versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, and 9.19.0 through 9.19.8, which arises from the fact that when stale caching and stale...

Upgraded Q -> M from #472 [1674665995647]

Judge has assessed an item in Issue 472 as M risk. The relevant finding follows: L-01 CHAINLINK AGGREGATOR IS NOT SUFFICIENTLY VALIDATED AND CAN RETURN STALE ANSWER As shown below, calling the getAssetPrice function in the ParaSpaceOracle contract can execute price = uint256source.latestAnswer,...

PT-2023-1380 · Answer · Answer

Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.4 Description: The issue is related to improper access control in the password reset procedure of the answer knowledge sharing service. This can allow a remote attacker to gain unauthorized access to...

Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.9 and earlier

Summary This fix upgrades to socket.io 4.5.4, protobuf-java 3.21.9 and nodejs 14.21.1. Vulnerability Details CVEID:CVE-2022-41940 DESCRIPTION: Socket.IO Engine.IO is vulnerable to a denial of service, caused by an uncaught exception flaw. By sending a specially-crafted HTTP request, a remote...

Unsafe ERC20 operations due to lack of contract length check

Lines of code Vulnerability details Impact Functions executeERC20DirectTransfer and executeERC20TransferFrom replicates solmate libraries methods. The problem with this is that these functions does not check existence of code at the token address. If executeERC20DirectTransferand...

Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.8 and earlier

Summary This fix upgrades to Websphere Liberty 22.0.0.10, NodeJs 14.20.1, Jackson 2.14.0-rc1, Protobuf 3.16.3, Apache commons-text 1.10.0 Vulnerability Details CVEID:CVE-2022-35256 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle header field...

The vulnerability of the DNS BIND server, related to insufficient validation of input data, allows attackers to execute DoS attacks.

The vulnerability of the DNS BIND server is related to insufficient validation of input data when processing the stale-answer-client-timeout parameter with a default value of 0, and the use of the CNAME record type in the cache for incoming requests. Exploiting this vulnerability allows an attack...

ROS-20220929-01

BIND DNS server vulnerability is related to boundary conditions when reusing HTTP connection when requesting statistics from a statistics channel. Exploitation of the vulnerability could allow an attacker, acting remotely, using a managed DNS server to cause a read error outside the boundary...

BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly

...

ISC BIND 注入漏洞

ISC BIND is a suite of open source software that implements the DNS protocol from the US company ISC. A security vulnerability exists in ISC BIND versions prior to 9.16.33, 9.18.x prior to 9.18.7, and 9.19.x prior to 9.19.5, which stems from the fact that when stale caching and stale answers are...

Chainlink oracle data feed is not further validated and can return stale answer

Lines of code Vulnerability details Impact Although the protocol recognizes that Chainlink oracles can provide outdated answers, using stale answers without further validation might not be a good practice. Moreover, in the updateExchangeRate function, where the latestRoundData method is used, the...

SUSE-SU-2022:2533-2 Security update for mozilla-nss

This update for mozilla-nss fixes the following issues: Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4: - Makes the PBKDF known answer test compliant with NIST SP800-132. bsc1192079. - FIPS: Add on-demand integrity tests through sftkFIPSRepeatIntegrityCheck...

IBM Answer Retrieval for Watson Discovery On Prem 环境问题漏洞

IBM Answer Retrieval for Watson Discovery On Prem is a microservices-based, cloud-native solution from International Business Machines IBM. IBM Answer Retrieval for Watson Discovery On Prem suffers from an environmental issue vulnerability that stems from the llhttp parser in the HTTP module not...

Security Bulletin: IBM Answer Retrieval for Watson Discovery is vulnerable to HTTP request smuggling due to NodeJS

Summary NodeJS is used by IBM Answer Retrieval for Watson Discovery. The fix upgrades to NodeJS 14.20.0 Vulnerability Details CVEID: CVE-2022-32212 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary code on the system, caused by the failure to properly check if an IP address ...

Moodle multiple cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey...

GHSA-P5J7-26WJ-423J Moodle allows discovery of an author's username

The forumprintlatestdiscussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, an...

CVE-2021-24805

The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as update a comment or a question status...

CVE-2021-24800

The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments...

CVE-2021-24805

The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as update a comment or a question status...