Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

Red Hat Security Advisory 2024-10677-03

Red Hat Security Advisory 2024-10677-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a code execution vulnerability.

Packet Storm
Open in Source
#sql#vulnerability#linux#red_hat#js#perl#postgres#sap
GHSA-6q3q-6v5j-h6vg: Querydsl vulnerable to HQL injection trough orderBy

### Summary The order by method enables injecting HQL queries. This may cause blind HQL injection, which could lead to leakage of sensitive information, and potentially also Denial Of Service. This vulnerability is present since the original querydsl repository(https://github.com/querydsl/querydsl) where it was assigned preliminary CVE identifier **CVE-2024-49203**. ### Details Vulnerable code may look as follows: ``` @GetMapping public List<Test> getProducts(@RequestParam("orderBy") String orderBy) { JPAQuery<Test> query = new JPAQuery<Test>(entityManager).from(test); PathBuilder<Test> pathBuilder = new PathBuilder<>(Test.class, "test"); OrderSpecifier order = new OrderSpecifier(Order.ASC, pathBuilder.get(orderBy)); JPAQuery<Test> orderedQuery = query.orderBy(order); return orderedQuery.fetch(); } ``` Where vulnerability is either caused by ```pathBuilder.get(orderBy)``` or the ```orderBy(order)``` method itself, based on where the security checks are expected. ...

Salt Typhoon Builds Out Malware Arsenal With GhostSpider

The APT, aka Earth Estries, is one of China's most effective threat actors, performing espionage for sometimes years on end against telcos, ISPs, and governments before being detected.

Red Hat Security Advisory 2024-9986-03

Red Hat Security Advisory 2024-9986-03 - An update for python-sqlparse is now available for Red Hat OpenStack Platform 17.1. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-9984-03

Red Hat Security Advisory 2024-9984-03 - An update for python-sqlparse is now available for Red Hat OpenStack Platform 17.1. Issues addressed include a denial of service vulnerability.

Debian Security Advisory 5812-2

Debian Linux Security Advisory 5812-2 - The postgresql minor release shipped in DSA 5812 introduced an ABI break, which has been reverted so that extensions do not need to be rebuilt.

Cross-Site Scripting Is 2024's Most Dangerous Software Weakness

MITRE and CISA's 2024 list of the 25 most dangerous software weaknesses exposes the need for organizations to continue to invest in secure code.

GHSA-wpvf-5mc3-hv6m: Querydsl SQL/HQL injection

Querydsl 5.1.0 allows SQL/HQL injection in orderBy in JPAQuery.

AI About-Face: 'Mantis' Turns LLM Attackers Into Prey

Experimental counter-offensive system responds to malicious AI probes with their own surreptitious prompt-injection commands.

Palo Alto Networks Patches Critical Zero-Day Firewall Bug

The security vendor's Expedition firewall appliance's PAN-OS interface tool has racked up four critical security vulnerabilities under active attack in November, leading tit to advise customers to update immediately or and take them off the Internet.