CVE-2022-41852
Description: Summary
Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input.
Details
The following methods pass XPath expressions to the commons-jxpath library, which can execute arbitrary code; this becomes a security issue whenever the XPath expressions come from user input.
org.geotools.appschema.util.XmlXpathUtilites.getXPathValues(NamespaceSupport, String, Document)
org.geotools.appschema.util.XmlXpathUtilites.countXPathNodes(NamespaceSupport, String, Document)
org.geotools.appschema.util.XmlXpathUtilites.getSingleXPathValue(NamespaceSupport, String, Document)
org.geotools.data.complex.expression.FeaturePropertyAccessorFactory.FeaturePropertyAccessor.get(Object, String, Class)
org.geotools.data.complex.expression.FeaturePropertyAccessorFactory.FeaturePropertyAccessor.set(Object, String, Object, Class)
org.geotools.data.complex.expression.MapPropertyAccessorFactory.new PropertyAccessor() {...}.get(Object, String, Class)
org.geotools.xsd.StreamingParser.StreamingParser(Configuration, InputStream, String)
PoC
The following inputs to StreamingParser will delay the response by five seconds:
    // The third constructor argument is the XPath expression, which is handed
    // to commons-jxpath unvalidated; here it invokes java.lang.Thread.sleep.
    new org.geotools.xsd.StreamingParser(
            new org.geotools.filter.v1_0.OGCConfiguration(),
            new java.io.ByteArrayInputStream("".getBytes()),
            "java.lang.Thread.sleep(5000)")
        .parse();
Impact
This vulnerability can lead ...
February 5th, 2025 (5 months ago)
Description: The North Korea-linked Lazarus Group has been linked to an active campaign that leverages fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware capable of infecting Windows, macOS, and Linux operating systems.
According to cybersecurity company Bitdefender, the scam begins with a message sent on a professional social media network, enticing them with the promise of
February 5th, 2025 (5 months ago)
Description: AWS S3 bucket names are global with predictable names that can be exploited in "S3 bucket namesquatting" attacks to access or hijack S3 buckets. In this article, Varonis explains how these attacks work and how you can prevent them. [...]
February 5th, 2025 (5 months ago)
Description: The Spanish police have arrested a suspected hacker in Alicante for allegedly conducting 40 cyberattacks targeting critical public and private organizations, including the Guardia Civil, the Ministry of Defense, NATO, the US Army, and various universities. [...]
February 5th, 2025 (5 months ago)
Description: Explore the critical role of cyberattacks in shaping the modern space race. Learn how nation-states and organizations must adapt their cybersecurity measures to protect global economies, military operations, and the future of space exploration.
February 5th, 2025 (5 months ago)
Description: We talk all about Musk's takeover of the federal government, including audio of a meeting we got touching a Musk ally's AI plans. Then, AI slop in libraries.
February 5th, 2025 (5 months ago)
Description: A previously undocumented threat actor known as Silent Lynx has been linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan.
"This threat group has previously targeted entities around Eastern Europe and Central Asian government think tanks involved in economic decision making and banking sector," Seqrite Labs researcher Subhajeet Singha said in a technical report
February 5th, 2025 (5 months ago)
Description: Cybercriminals are increasingly leveraging legitimate HTTP client tools to facilitate account takeover (ATO) attacks on Microsoft 365 environments.
Enterprise security company Proofpoint said it observed campaigns using HTTP clients Axios and Node Fetch to send HTTP requests and receive HTTP responses from web servers with the goal of conducting ATO attacks.
"Originally sourced from public
February 5th, 2025 (5 months ago)