{"vulnerability": "CVE-2023-4622", "sightings": [{"uuid": "34dfac33-3c85-4168-a9e6-9b95afa939f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46229", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwwto3mncq2m", "content": "", "creation_timestamp": "2025-08-21T21:02:40.326691Z"}, {"uuid": "0e6256db-57a0-4f2f-9f20-7dee4d46576d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46227", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/72555", "content": "\u203c CVE-2023-46227 \u203c\n\nDeserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \\t to bypass.\u00a0Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it.[1] https://github.com/apache/inlong/pull/8814\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-19T14:34:22.000000Z"}, {"uuid": "6c4b0940-f98f-4f9d-9566-205bf692d873", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46226", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4341", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-46226\n\ud83d\udd25 CVSS Score: 9.8 (CVSS_V3)\n\ud83d\udd39 Description: Remote Code Execution vulnerability in Apache IoTDB. This issue affects Apache IoTDB from 1.0.0 through 1.2.2.\n\nUsers are recommended to upgrade to version 1.3.0, which fixes the issue.\n\ud83d\udccf Published: 2024-01-15T12:30:19Z\n\ud83d\udccf Modified: 2025-02-13T19:31:37Z\n\ud83d\udd17 References:\n1. 
https://nvd.nist.gov/vuln/detail/CVE-2023-46226\n2. https://github.com/apache/iotdb\n3. https://github.com/pypa/advisory-database/tree/main/vulns/apache-iotdb/PYSEC-2024-11.yaml\n4. https://lists.apache.org/thread/293b4ob65ftnfwyf62fb9zh8gwdy38hg\n5. http://www.openwall.com/lists/oss-security/2024/01/15/1", "creation_timestamp": "2025-02-13T20:15:22.000000Z"}, {"uuid": "efbc14b1-411f-4612-8130-0ae1bfb76273", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4622", "type": "seen", "source": "Telegram/OZTGhGxffczJOLYxRDsnzD7Tk3-jXfZZz6QinbuRb9TVyL26", "content": "", "creation_timestamp": "2025-02-14T10:08:16.000000Z"}, {"uuid": "e83ef863-6955-433c-a05c-7c114d02c6da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4622", "type": "seen", "source": "https://t.me/arpsyndicate/4837", "content": "#ExploitObserverAlert\n\nCVE-2023-4622\n\nDESCRIPTION: Exploit Observer has 186 entries in 6 file formats related to CVE-2023-4622. A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation.  The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free.  
We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.\n\nFIRST-EPSS: 0.000420000\nNVD-IS: 5.9\nNVD-ES: 1.0\nARPS-PRIORITY: 0.9517538", "creation_timestamp": "2024-04-24T22:51:39.000000Z"}, {"uuid": "c03b1a2d-17b4-4ed4-bd0e-6a8d7bce9578", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4622", "type": "seen", "source": "https://t.me/arpsyndicate/318", "content": "#ExploitObserverAlert\n\nCVE-2023-4622\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-4622. A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation.  The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free.  
We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.\n\nFIRST-EPSS: 0.000420000\nNVD-IS: 5.9\nNVD-ES: 1.0", "creation_timestamp": "2023-11-21T20:15:05.000000Z"}, {"uuid": "c907d628-4a95-4cd2-9775-94e740ea9249", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46226", "type": "seen", "source": "https://t.me/ctinow/168306", "content": "https://ift.tt/7ujK0nf\nCVE-2023-46226", "creation_timestamp": "2024-01-15T12:26:30.000000Z"}, {"uuid": "d8b6b878-47ea-4e4a-8311-d6574d188fb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46226", "type": "seen", "source": "https://t.me/ctinow/178511", "content": "https://ift.tt/Q2Ui61V\nCVE-2023-46226 | Apache IoTDB up to 1.2.2 Privilege Escalation", "creation_timestamp": "2024-02-03T12:16:45.000000Z"}, {"uuid": "90e73ad1-3dca-417e-8f79-071b4e8d82a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46224", "type": "seen", "source": "https://t.me/ctinow/167738", "content": "https://ift.tt/ScJ7O1u\nCVE-2023-46224 | Ivanti Avalanche 6.4.1 Mobile Device Server memory corruption", "creation_timestamp": "2024-01-13T08:17:09.000000Z"}, {"uuid": "0c13a008-2650-4e7b-84a6-6066adb450e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46223", "type": "seen", "source": "https://t.me/ctinow/167716", "content": "https://ift.tt/JoLUqrA\nCVE-2023-46223 | Ivanti Avalanche 6.4.1 Mobile Device Server memory corruption", "creation_timestamp": "2024-01-13T07:46:38.000000Z"}, {"uuid": "6b038778-0456-46e8-a9f9-b42dff3a5cf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46222", "type": "seen", "source": "https://t.me/ctinow/167715", "content": "https://ift.tt/sl4buF7\nCVE-2023-46222 | Ivanti Avalanche 6.4.1 Mobile Device Server memory corruption", "creation_timestamp": "2024-01-13T07:46:37.000000Z"}, {"uuid": "89ba4a71-2523-4b7c-8da3-9a3b8aa252fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46221", "type": "seen", "source": "https://t.me/ctinow/167714", "content": "https://ift.tt/BzdOUjQ\nCVE-2023-46221 | Ivanti Avalanche 6.4.1 Mobile Device Server memory corruption", "creation_timestamp": "2024-01-13T07:46:36.000000Z"}, {"uuid": "ee7157a6-b80b-4829-916b-5b21dba906dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46220", "type": "seen", "source": "https://t.me/ctinow/167713", "content": "https://ift.tt/EPZUgGz\nCVE-2023-46220 | Ivanti Avalanche 6.4.1 Mobile Device Server memory corruption", "creation_timestamp": "2024-01-13T07:46:34.000000Z"}]}