CVE-2022-45061 – python: CPU denial of service via inefficient IDNA decoder
https://notcve.org/view.php?id=CVE-2022-45061
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.
https://github.com/python/cpython/issues/98433
https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html
https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNS
CWE-400: Uncontrolled Resource Consumption
CWE-407: Inefficient Algorithmic Complexity

CVE-2022-37966 – Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-37966
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37966
https://security.gentoo.org/glsa/202309-06

CVE-2022-37967 – Windows Kerberos Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-37967
Windows Kerberos Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967
https://security.gentoo.org/glsa/202309-06

CVE-2022-38023 – Netlogon RPC Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-38023
Netlogon RPC Elevation of Privilege Vulnerability
A flaw was found in Samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern encryption types. This issue could allow an attacker who knows the plain text content communicated between the Samba client and server to craft data with the same MD5 calculation and replace it without being detected.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38023
https://security.gentoo.org/glsa/202309-06
https://access.redhat.com/security/cve/CVE-2022-38023
https://bugzilla.redhat.com/show_bug.cgi?id=2154362
CWE-328: Use of Weak Hash

CVE-2022-44792 – net-snmp: NULL Pointer Exception when handling ipDefaultTTL
https://notcve.org/view.php?id=CVE-2022-44792
handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
A vulnerability was found in Net-SNMP. This issue occurs because the handle_ipDefaultTTL function in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP has a NULL Pointer Exception flaw that allows a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in a denial of service.
https://gist.github.com/menglong2234/b7bc13ae1a144f47cc3c95a7ea062428
https://github.com/net-snmp/net-snmp/issues/474
https://lists.debian.org/debian-lts-announce/2023/01/msg00010.html
https://security.netapp.com/advisory/ntap-20230223-0011
https://access.redhat.com/security/cve/CVE-2022-44792
https://bugzilla.redhat.com/show_bug.cgi?id=2141897
CWE-476: NULL Pointer Dereference