exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2022-24823

Status Candidate

Overview

Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.

Related Files

Red Hat Security Advisory 2023-5165-01
Posted Sep 15, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5165-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. Issues addressed include code execution, denial of service, deserialization, and integer overflow vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-37136, CVE-2021-37137, CVE-2022-1471, CVE-2022-24823, CVE-2022-36944, CVE-2023-0482, CVE-2023-26048, CVE-2023-26049, CVE-2023-2976, CVE-2023-33201, CVE-2023-34453, CVE-2023-34454, CVE-2023-34455, CVE-2023-34462
SHA-256 | c7bacd29d694aaaaf457349ec19016b4d130ffc214bfce870fe209e62bdbdd3c
Red Hat Security Advisory 2023-3223-01
Posted May 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3223-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 2.4.0 serves as a replacement for Red Hat AMQ Streams 2.3.0, and includes security and bug fixes, and enhancements. Issues addressed include denial of service, deserialization, information leakage, memory exhaustion, and resource exhaustion vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2020-36518, CVE-2021-0341, CVE-2021-37136, CVE-2021-37137, CVE-2021-46877, CVE-2022-24823, CVE-2022-36944, CVE-2022-40149, CVE-2022-40150, CVE-2022-42003, CVE-2022-42004, CVE-2023-0833, CVE-2023-1370
SHA-256 | 2e9f7b14744710d4471684a7020cb03110e262064411dd07a3bca0add6dbd69d
Red Hat Security Advisory 2022-8652-01
Posted Nov 29, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8652-01 - This release of Red Hat Fuse 7.11.1 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Issues addressed include bypass, cross site scripting, denial of service, remote SQL injection, and traversal vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, xss, sql injection
systems | linux, redhat
advisories | CVE-2019-8331, CVE-2021-31684, CVE-2021-3717, CVE-2021-44906, CVE-2022-0613, CVE-2022-2048, CVE-2022-2053, CVE-2022-24723, CVE-2022-24785, CVE-2022-24823, CVE-2022-25857, CVE-2022-31129, CVE-2022-31197, CVE-2022-33980
SHA-256 | b89385857db68f0aa348c05a9ddb89d72cf0040803429d98b23d91abba728434
Red Hat Security Advisory 2022-8524-01
Posted Nov 18, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8524-01 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.4.0 replaces Data Grid 8.3.1 and includes bug fixes and enhancements. Find out more about Data Grid 8.4.0 in the Release Notes[3]. Issues addressed include cross site scripting and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, xss
systems | linux, redhat
advisories | CVE-2022-0235, CVE-2022-23647, CVE-2022-24823, CVE-2022-25857, CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-38752
SHA-256 | bf83175af6bd8f86227a3df154656e0d2511b3653027b8064dd712094546c645
Red Hat Security Advisory 2022-6916-01
Posted Oct 13, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6916-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.10.1 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a html injection vulnerability.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2021-3121, CVE-2022-24823, CVE-2022-33980, CVE-2022-35278
SHA-256 | 6b89640d7d4498cbb3ba5fe2b00901c811c23f11113a41ef771edf43f98a2db0
Red Hat Security Advisory 2022-6819-01
Posted Oct 6, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6819-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 2.2.0 serves as a replacement for Red Hat AMQ Streams 2.1.0, and includes security and bug fixes, and enhancements. Issues addressed include denial of service and deserialization vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2020-36518, CVE-2022-24823, CVE-2022-25647, CVE-2022-34917
SHA-256 | e7deb193c327c720bc537c10be1bf511cd9dc439a79ac2f7c20fe023e9cc3988
Red Hat Security Advisory 2022-5928-01
Posted Aug 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5928-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.5, and includes bug fixes and enhancements. Issues addressed include a deserialization vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2021-44906, CVE-2022-24823, CVE-2022-25647
SHA-256 | 6e038e8f54806a7639279dc90490a36aa1d4ce77faa2ca9c822c8162fb667dbd
Red Hat Security Advisory 2022-5892-01
Posted Aug 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5892-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.6 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include a deserialization vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2021-44906, CVE-2022-24823, CVE-2022-25647
SHA-256 | 0bcee61dfe0ce316be6fa00ab748da7982555563f8a5827a6684f1375b776344
Red Hat Security Advisory 2022-5893-01
Posted Aug 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5893-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.6 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include a deserialization vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2021-44906, CVE-2022-24823, CVE-2022-25647
SHA-256 | 759956fa8198b6da0d0e492602418c691f029a866ace132b6dba9c842d49be07
Red Hat Security Advisory 2022-5894-01
Posted Aug 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5894-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.6 is a first release for Red Hat JBoss Enterprise Application Platform 7.4 on Red Hat Enterprise Linux 9, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.6 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include a deserialization vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2021-44906, CVE-2022-24823, CVE-2022-25647
SHA-256 | 426a645d2fa0ddc98a75436f88fd9b611293459a951b5c12b1d26e94e2db2da3
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close