CVE-2024-0232
Description: A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.
EPSS Score: 0.04%
November 28th, 2024 (5 months ago)
CVE-2024-0217
Description: A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.
EPSS Score: 0.08%
November 28th, 2024 (5 months ago)
CVE-2023-47038
Description: A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker-controlled byte buffer overflow in a heap-allocated buffer.
EPSS Score: 0.04%
November 28th, 2024 (5 months ago)
Description: Microsoft has re-released the November 2024 security updates for Exchange Server after pulling them earlier this month due to email delivery issues on servers using custom mail flow rules. [...]
November 27th, 2024 (5 months ago)
Description: Hackers have used new GodLoader malware exploiting the capabilities of the widely used Godot game engine to evade detection and infect over 17,000 systems in just three months. [...]
November 27th, 2024 (5 months ago)
Description: Threat actors are using public exploits for a critical authentication bypass flaw in ProjectSend to upload webshells and gain remote access to servers. [...]
November 27th, 2024 (5 months ago)
Description: Zello is warning customers to reset their passwords if their account was created before November 2nd in what appears to be another security breach. [...]
November 27th, 2024 (5 months ago)
Description: Microsoft has denied claims that it uses Microsoft 365 apps (including Word, Excel, and PowerPoint) to collect data to train the company's artificial intelligence (AI) models. [...]
November 27th, 2024 (5 months ago)
Description: Summary
The order by method enables injecting HQL queries. This may cause blind HQL injection, which could lead to leakage of sensitive information and potentially also Denial of Service. This vulnerability has been present since the original querydsl repository (https://github.com/querydsl/querydsl), where it was assigned the preliminary CVE identifier CVE-2024-49203.
Details
Vulnerable code may look as follows:
@GetMapping
public List<Test> getProducts(@RequestParam("orderBy") String orderBy) {
    JPAQuery<Test> query = new JPAQuery<Test>(entityManager).from(test);
    PathBuilder<Test> pathBuilder = new PathBuilder<>(Test.class, "test");
    OrderSpecifier order = new OrderSpecifier(Order.ASC, pathBuilder.get(orderBy));
    JPAQuery<Test> orderedQuery = query.orderBy(order);
    return orderedQuery.fetch();
}
The vulnerability is caused either by pathBuilder.get(orderBy) or by the orderBy(order) method itself, depending on where the security checks are expected to be performed.
PoC
Full PoC code is available in the repository:
https://github.com/CSIRTTrizna/CVE-2024-49203/
Looking at the source code shown in the Details section, the functionality is as follows:
Create JPAQuery object instance:
JPAQuery<Test> query = new JPAQuery<Test>(entityManager).from(test);
Create OrderSpecifier object instance:
PathBuilder<Test> pathBuilder = new PathBuilder<>(Test.class, "test");
OrderSpecifier order = new OrderSpecifier(Order.ASC, pathBuilder.ge...
November 27th, 2024 (5 months ago)