exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2022-3171

Status Candidate

Overview

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.

Related Files

VMware vRealize Log Insight Unauthenticated Remote Code Execution
Posted Sep 11, 2023
Authored by Ege Balci, Horizon3.ai Attack Team | Site metasploit.com

VMware vRealize Log Insights versions 8.x contain multiple vulnerabilities, such as directory traversal, broken access control, deserialization, and information disclosure. When chained together, these vulnerabilities allow a remote, unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. This Metasploit module achieves code execution via triggering a RemotePakDownloadCommand command via the exposed thrift service after obtaining the node token by calling a GetConfigRequest thrift command. After the download, it will trigger a PakUpgradeCommand for processing the specially crafted PAK archive, which then will place the JSP payload under a certain API endpoint (pre-authenticated) location upon extraction for gaining remote code execution. Successfully tested against version 8.0.2.

tags | exploit, remote, arbitrary, root, vulnerability, code execution, info disclosure
advisories | CVE-2022-31704, CVE-2022-31706, CVE-2022-31711
SHA-256 | 2e4132d3093987ff065179429e52ff5e9baad8185fde7f58136c18d0aa950a90
Red Hat Security Advisory 2023-4983-01
Posted Sep 6, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4983-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This asynchronous security patch is an update to Red Hat Process Automation Manager 7. Issues addressed include bypass, denial of service, deserialization, and memory leak vulnerabilities.

tags | advisory, denial of service, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2021-30129, CVE-2022-25857, CVE-2022-3171, CVE-2022-37599, CVE-2022-38900, CVE-2022-40152, CVE-2022-42920, CVE-2022-45047, CVE-2023-0482, CVE-2023-20860, CVE-2023-20883
SHA-256 | 6867bafdeedf9ae75c9407251eef4143953398b5310e20fefd7e1e5070726ec8
Red Hat Security Advisory 2023-1006-01
Posted Mar 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1006-01 - This release of Red Hat build of Quarkus 2.7.7 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include code execution, denial of service, deserialization, information leakage, memory leak, and remote SQL injection vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, code execution, sql injection, memory leak
systems | linux, redhat
advisories | CVE-2022-1471, CVE-2022-31197, CVE-2022-3171, CVE-2022-41946, CVE-2022-41966, CVE-2022-42003, CVE-2022-42004, CVE-2022-42889, CVE-2023-0044
SHA-256 | 22e7b3eb2e44fe047c265d427baa95d5cd894dbe2e83f35b2ba2c51d7269e2f5
Gentoo Linux Security Advisory 202301-09
Posted Jan 11, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202301-9 - A vulnerability has been discovered in protobuf-java which could result in denial of service. Versions less than 3.20.3 are affected.

tags | advisory, java, denial of service
systems | linux, gentoo
advisories | CVE-2022-3171, CVE-2022-3509, CVE-2022-3510
SHA-256 | cc6d14bcef672773530eeb289efb90812d18552fdbb505d47acafcd798c97a92
Red Hat Security Advisory 2022-9023-01
Posted Dec 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-9023-01 - This release of Red Hat build of Quarkus 2.13.5 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include denial of service and remote SQL injection vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2022-31197, CVE-2022-3171, CVE-2022-37734, CVE-2022-4116, CVE-2022-4147, CVE-2022-42003, CVE-2022-42004, CVE-2022-42889
SHA-256 | df6b37e9380bd4d9840f228c66d0517e1bce9318d82620afe02d2b5655495e78
Red Hat Security Advisory 2022-7896-01
Posted Nov 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7896-01 - Debezium is a distributed platform that turns your existing databases into event streams, so applications can see and respond immediately to each row-level change in the databases. Debezium is built on top of Apache Kafka and provides Kafka Connect compatible connectors that monitor specific database management systems. Debezium records the history of data changes in Kafka logs, from where your application consumes them. This makes it possible for your application to easily consume all of the events correctly and completely. Even if your application stops unexpectedly, it will not miss anything: when the application restarts, it will resume consuming the events where it left off. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-22569, CVE-2022-3171
SHA-256 | db48f95aa0be218cb430ca44501b8df6989e3b6fd7d6d84a74789c8d047837ed
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close