2265 matches found

Prion
added 2023/12/07 1:15 p.m. · 20 views

Open redirect

An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP Open Charge Point Protocol for electric vehicles. The server processes mishandle StartTransaction messages containing additional, arbitrary properties, or duplicate properties. The last occurrence of a duplicate property is...

CVSS 5 · AI score 7.2 · EPSS 0.00299
Exploits: 1 · References: 1 · Affected Software: 1

RedHat Linux
added 2023/12/07 8:26 a.m. · 1 view

postgresql: Role pg_signal_backend can signal certain superuser processes.

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...

CVSS 4.4 · AI score 7.4 · EPSS 0.00621
Exploits: 0 · References: 6

Positive Technologies
added 2023/12/07 12:0 a.m. · 2 views

PT-2023-9575 · Oracle · Oracle E-Business Suite +1

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to a vulnerability in the Award Processes component of Oracle Contract Lifecycle Management for Public Sector, which is part of Oracle E-Business Suite...

CVSS 8.5 · AI score 7.9 · EPSS 0.00831
Exploits: 0 · References: 8

RedHat Linux
added 2023/12/06 9:51 a.m. · 0 views

postgresql: Role pg_signal_backend can signal certain superuser processes.

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...

CVSS 4.4 · AI score 7.4 · EPSS 0.00621
Exploits: 0 · References: 6

Trend Micro Simply Security
added 2023/12/06 12:0 a.m. · 12 views

Modern Attack Surface Management for CISOs

Today’s attack surface requires modern processes and security solutions. Explore the tenets of modern attack surface management (ASM) and what CISOs need to look for in an ASM solution...

AI score 7.4
Exploits: 0

RedHat Linux
added 2023/11/30 3:2 p.m. · 1 view

postgresql: Role pg_signal_backend can signal certain superuser processes.

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...

CVSS 4.4 · AI score 7.4 · EPSS 0.00621
Exploits: 0 · References: 6

Trend Micro Simply Security
added 2023/11/27 12:0 a.m. · 9 views

Modern Attack Surface Management for Cloud Teams

Today’s attack surface requires modern processes and security solutions. Explore the tenets of modern attack surface management (ASM) and what Cloud teams need to look for in an ASM solution...

AI score 7.4
Exploits: 0

OSV
added 2023/11/22 1:49 a.m. · 11 views

MGASA-2023-0324 Updated postgresql packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Memory disclosure in aggregate function calls (CVE-2023-5868). Buffer overrun from integer overflow in array modification (CVE-2023-5869). Role pg_signal_backend can signal certain superuser processes (CVE-2023-5870)...

CVSS 8.8 · AI score 6.8 · EPSS 0.02718
Exploits: 0 · References: 3

Kitploit
added 2023/11/20 11:30 a.m. · 27 views

MemTracer - Memory Scaner

MemTracer is a tool that offers live memory analysis capabilities, allowing digital forensic practitioners to discover and investigate stealthy attack traces hidden in memory. The MemTracer is implemented in Python language, aiming to detect reflectively loaded native .NET framework Dynamic-Link...

AI score 6.9
Exploits: 0 · References: 1

SUSE CVE
added 2023/11/19 2:4 a.m. · 1 view

SUSE CVE-2023-1672

A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host...

CVSS 5.3 · AI score 6.9 · EPSS 0.00022
Exploits: 1 · References: 2

BDU FSTEC
added 2023/11/16 12:0 a.m. · 1 view

The vulnerability of the PostgreSQL database management system lies in the ability to send signals to user processes through the role of pg_signal_backend. This allows a malicious actor to cause a service failure for a specific background process.

The vulnerability of the PostgreSQL database management system relates to the ability to send signals to user processes through the role of pg_signal_backend. Exploiting this vulnerability allows a malicious actor to cause a service failure for a specific background process...

CVSS 2.2 · AI score 6.4 · EPSS 0.00621
Exploits: 0 · References: 16 · Affected Software: 11

OSV
added 2023/11/13 12:36 p.m. · 4 views

SUSE-SU-2023:4425-1 Security update for postgresql, postgresql15, postgresql16

This update for postgresql, postgresql15, postgresql16 fixes the following issues: This update ships postgresql 16 (jsc#PED-5586). Security issues fixed: CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT 'any' aggregate functions. This error led to a text-type value being interpreted...

CVSS 8.8 · AI score 7.5 · EPSS 0.02718
Exploits: 0 · References: 13

Tenable Nessus
added 2023/11/09 12:0 a.m. · 29 views

FreeBSD : postgresql-server -- Role pg_cancel_backend can signal certain superuser processes (bbb18fcb-7f0d-11ee-94b4-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bbb18fcb-7f0d-11ee-94b4-6cc21735f730 advisory. - Role pg_cancel_backend can signal certain superuser processes more details CVE-2023-5870 Note that Nessu...

CVSS 4.4 · AI score 6.4 · EPSS 0.00621
Exploits: 0 · References: 3

PostgreSQL
added 2023/11/09 12:0 a.m. · 68 views

Vulnerability in core server (CVE-2023-5870)

Role "pg_signal_backend" can signal certain superuser processes. Documentation says the pg_signal_backend role cannot signal "a backend owned by a superuser". On the contrary, it can signal background workers, including the logical replication launcher. It can signal autovacuum workers and the...

CVSS 4.4 · AI score 7 · EPSS 0.00621
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2023/11/08 12:0 a.m. · 2 views

PT-2023-6889 · Unknown +11 · Postgresql +10

Name of the Vulnerable Software and Affected Versions: PostgreSQL affected versions not specified Description: The issue is related to the pg_signal_backend role in PostgreSQL, which allows signaling certain superuser processes. This can be exploited by a remote high-privileged user to launch a...

CVSS 8.8 · AI score 6 · EPSS 0.02718
Exploits: 1 · References: 234

RedHat Linux
added 2023/11/07 9:5 a.m. · 3 views

tang: Race condition exists in the key generation and rotation functionality

A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host...

CVSS 5.3 · AI score 5.8 · EPSS 0.00022
Exploits: 1 · References: 6

Tenable Nessus
added 2023/11/07 12:0 a.m. · 19 views

Rocky Linux 8 : container-tools:3.0 (RLSA-2021:4222)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4222 advisory. - An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds e.g. Dockerfile RUN...

CVSS 5.5 · AI score 6 · EPSS 0.00165
Exploits: 0 · References: 4

UbuntuCve
added 2023/10/30 3:15 a.m. · 21 views

CVE-2021-25736

Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port “spec.ports.port” as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress.ip” field. Clusters where the LoadBalancer controller sets the...

CVSS 6.3 · AI score 6.9 · EPSS 0.00088
Exploits: 0 · References: 1

UbuntuCve
added 2023/10/25 12:0 a.m. · 30 views

CVE-2023-46136

Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk b...

CVSS 8 · AI score 6.8 · EPSS 0.00877
Exploits: 0 · References: 3

AlpineLinux
added 2023/10/24 11:48 p.m. · 25 views

CVE-2023-46136

Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk b...

CVSS 8 · AI score 6.8 · EPSS 0.00877
Exploits: 0