Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

Red Hat Security Advisory 2024-8906-03

Red Hat Security Advisory 2024-8906-03 - A new release is now available for Red Hat Satellite 6.16 for RHEL 8 and 9. Issues addressed include bypass, denial of service, memory leak, remote SQL injection, and traversal vulnerabilities.

Packet Storm
#sql#vulnerability#red_hat#dos#js#git#auth
GHSA-82j3-hf72-7x93: Reposilite vulnerable to path traversal while serving javadoc expanded files (arbitrary file read) (`GHSL-2024-074`)

### Summary Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. ### Details The problem lies in the way how the expanded javadoc files are served. The `GET /javadoc/{repository}/<gav>/raw/<resource>` route uses the `<resource>` path parameter to find the file in the `javadocUnpackPath` directory and returns it's content to the user. [JavadocFacade.kt#L77](https://github.com/dzikoysk/reposilite/blob/68b73f19dc9811ccf10936430cf17f7b0e622bd6/reposilite-backend/src/main/kotlin/com/reposilite/javadocs/JavadocFacade.kt#L77): ```kotlin fun findRawJavadocResource(request: JavadocRawRequest): Result<JavadocRawResponse, ErrorResponse> = with (request) { mavenFacade.canAccessResource(accessToken, repository, gav) .flatMap { javadocContainerService.loadContainer(accessToken, repository, gav) } .filter({ Files.exists(it.javadocUnpackPath.resolve(resource.toString())) }, { notFound("Resourc...

IBM Security Verify Access 32 Vulnerabilities

IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities.

SQLite3 generate_series Stack Buffer Underflow

SQLite3 suffers from a stack buffer underflow condition in seriesBestIndex in the generate_series extension.

Google: Big Sleep AI Agent Puts SQLite Software Bug to Bed

A research tool by the company found a vulnerability in the SQLite open source database, demonstrating the "defensive potential" for using LLMs to find vulnerabilities in applications before they're publicly released.

Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine

Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime). The tech giant described the development as the "first real-world vulnerability" uncovered using the artificial intelligence (AI) agent. "We believe this is the first public example of an AI agent finding

4 Main API Security Risks Organizations Need to Address

Misconfigurations, weak authentication, and logic flaws are among the main drivers of API security risks at many organizations.

SmartAgent 1.1.0 SQL Injection

SmartAgent version 1.1.0 suffers from multiple unauthenticated remote SQL injection vulnerabilities.

How To Create a Complete GitHub Backup

The issue of GitHub data protection is increasingly discussed among developers on platforms like Reddit, X, and HackerNews.…

GHSA-mcw3-h5xg-r95m: JeecgBoot SQL Injection vulnerability

JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component `/onlDragDatasetHead/getTotalData`.