684 matches found
CVE-2020-21469
An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg_reload_conf access...
UBUNTU-CVE-2020-21469
An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg_reload_conf access...
CVE-2020-21469
POInted vulnerability: CVE-2020-21469 affects PostgreSQL 12.2; allows denial-of-service by repeatedly sending SIGHUP signals. Note: vendor disputes claim that untrusted users cannot send SIGHUP; signals would require a PostgreSQL superuser, pg_reload_conf access, or OS-level privileges. Public ex...
How the Microsoft Incident Response team helps customers remediate threats
Each year, organizations face tens of billions of malware, phishing, and credential threats—with real-world impacts. When an attack succeeds, it can result in grave impacts on any industry. For example, it could delay a police or fire department’s response to an emergency, prevent a hospital from...
Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse
Apple has announced plans to require developers to submit reasons to use certain APIs in their apps starting later this year with the release of iOS 17, iPadOS 17, macOS Sonoma, tvOS 17, and watchOS 10 to prevent their abuse for data collection. "This will help ensure that apps only use these API...
WordPress WP Signals Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: WP Signals; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: 2.0.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High (7.1); PSID: 8e47de8a880f; Credits: Rafie Muhammad Patchstack; Required...
People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection
Summary: The United States and international cybersecurity authorities are issuing this joint Cybersecurity Advisory (CSA) to highlight a recently discovered cluster of activity of interest associated with a People’s Republic of China (PRC) state-sponsored cyber actor, also known as Volt Typhoon...
GHSA-XP5G-JHG3-3RG2 Double spend in snarkjs
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...
CVE-2023-33252
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...
Design/Logic Flaw
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...
iden3 snarkjs security vulnerability
snarkjs is an open source JavaScript library from iden3 for building zero-knowledge proofs. A security vulnerability exists in iden3 snarkjs version 0.6.11 and earlier, which stems from not verifying that the length of publicSignals is less than the field modulus...
PT-2023-24246 · Unknown · Iden3 Snarkjs
Name of the Vulnerable Software and Affected Versions: iden3 snarkjs versions through 0.6.11 Description: The issue allows double spending due to the lack of validation that the publicSignals length is less than the field modulus. Recommendations: For iden3 snarkjs versions through 0.6.11, consid...
Sorting Through Haystacks to Find CTI Needles
Clouded vision: CTI systems are confronted with some major issues ranging from the size of the collection networks to their diversity, which ultimately influence the degree of confidence they can put on their signals. Are they fresh enough and sufficiently reliable to avoid any false positives or...
CVE-2023-29218
The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as exploited...
Design/Logic Flaw
DISPUTED: The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as...