58 matches found
Security Bulletin: protobuf-java - CVE-2022-3171 fixed in Cloudera Data Platform Private Cloud Base 7.1.9
Summary Security Bulletin: protobuf-java - CVE-2022-3171 fixed in Cloudera Data Platform Private Cloud Base 7.1.9 Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to ...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Input Validation in protobuf [CVE-2022-3171]
Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Input Validation in protobuf, due to a parsing issue with binary data in protobuf-java core CVE-2022-3171. Protobuf is used in our speech service runtimes. This vulnerabilitiy has been addressed. Please read the details for...
Security Bulletin: IBM® Db2® is affected by a vulnerability in protobuf-java (CVE-2022-3510, CVE-2022-3509, CVE-2022-3171).
Summary protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text format data. By sending non-repeated embedded messages with repeated or unknown fields, a remote authenticated attacker could exploit this vulnerability to caus...
Fedora 37 : protobuf (2022-25f35ed634)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-25f35ed634 advisory. Selected notes from packaging changes and improvements: 3.19.6 fixes CVE-2022-3171 3.19.5 fixes CVE-2022-1941 License updated to SPDX Unnecessary...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in google-protobuf-3.11.2.gem
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of google-protobuf-3.11.2.gem Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and te...
CVE-2022-3171 affecting package python-tensorboard for versions less than 2.16.2-2
CVE-2022-3171 affecting package python-tensorboard for versions less than 2.16.2-2. An upgraded version of the package is available that resolves this issue...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the protobuf-java core and lite ( CVE-2022-3171).
Summary Protobuf-java core and lite are used by IBM Event Streams. The protobuf-java core library provides comprehensive functionality for working with Protocol Buffers, including advanced parsing and serialization, while the protobuf-java-lite library offers a performance-optimized version for...
Moderate: Red Hat Security Advisory: Red Hat AMQ Streams 2.7.0 release and security update
Red Hat AMQ Streams 2.7.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Security Bulletin: The IBM QRadar SIEM Amazon Web Services protocol is vulnerable to a denial of service (CVE-2021-22569 ,CVE-2022-3171, CVE-2022-3509)
Summary A flaw was found in protobuf-java. Google Protocol Buffer protobuf-java which allows the interleaving of com.google.protobuf.UnknownFieldSet fields. Vulnerability Details CVEID:CVE-2021-22569 DESCRIPTION: Google Protocol Buffer protobuf-java is vulnerable to a denial of service, caused by...
Security Bulletin: Protobuf as used by IBM QRadar SIEM is vulnerable to denial of service (CVE-2022-3171, CVE-2022-3509)
Summary Protobuf as used by IBM QRadar SIEM is vulnerable to denial of service. IBM QRadar SIEM has addressed the applicable vulnerability. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing...
Atlassian Jira Service Management Data Center and Server 4.20.x < 4.20.27 / 5.4.x < 5.4.11 (JSDSERVER-14754)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14754 advisory. - A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3,...
SUSE SLES15: libprotobuf-lite20 / python2-cryptography / python2-psutil / etc (SUSE-SU-2023:2783-2)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2783-2 advisory. grpc: - Update in SLE-15 bsc1197726, bsc1144068 protobuf: - Fix a potential DoS issue in protobuf-cpp and protobuf-python, CVE-2022-1941,...
Security Bulletin: IBM Sterling Global Mailbox is vulnerable to denial of service due to WebSphere Liberty Server ( CVE-2022-3509, CVE-2022-3171)
Summary A security vulnerability has been identified and addressed in WebSphere Liberty Server shipped with IBM Sterling Global Mailbox. Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing...
SUSE SLES15: libprotobuf-lite20 / python2-cryptography / python2-psutil / etc (SUSE-SU-2023:2783-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2783-1 advisory. grpc: - Update in SLE-15 bsc1197726, bsc1144068 protobuf: - Fix a potential DoS issue in protobuf-cpp and protobuf-python, CVE-2022-1941,...
Security Bulletin: IBM QRadar User Behavior Analytics is vulnerable to components with known vulnerabilities
Summary IBM QRadar User Behavior Analytics contains vulnerable packages/components and that may be identified and potentially exploited. The packages have been updated in the latest release and the vulnerabilities identified in the CVEs have been addressed. Please follow the instructions in the...
Security Bulletin: WebSphere Application Server Liberty is vulnerable to CVE-2022-3509 and CVE-2022-3171 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is vulnerable to CVE-2022-3509 and CVE-2022-3171. Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use DFDL may be vulnerable to denial of service due to [CVE-2022-3171]
Summary Protobuf is used by IBM App Connect Enterprise Certified Container for compiling and loading DFDL message models. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use DFDL message models may be vulnerable to denial of service if they...
Fedora: Security Advisory for protobuf (FEDORA-2022-15729fa33d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for perl-Alien-ProtoBuf (FEDORA-2022-15729fa33d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Multiple Vulnerabilities in Google Protocol Buffer affect IBM Operations Analytics - Log Analysis (CVE-2022-3509, CVE-2022-3171)
Summary A parsing issue in Google Protocol Buffer shipped with IBM Operations Analytics - Log Analysis can lead to a denial of service attack. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing...