Auto-Update: 2024-02-19T05:00:23.982630+00:00

CVE-2021/CVE-2021-437xx/CVE-2021-43784.json

@@ -2,8 +2,8 @@
   "id": "CVE-2021-43784",
   "sourceIdentifier": "security-advisories@github.com",
   "published": "2021-12-06T18:15:08.240",
-  "lastModified": "2021-12-08T18:05:49.630",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-02-19T03:15:07.330",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
@@ -175,6 +175,10 @@
       "tags": [
         "Vendor Advisory"
       ]
+    },
+    {
+      "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html",
+      "source": "security-advisories@github.com"
     }
   ]
 }

CVE-2023/CVE-2023-44xx/CVE-2023-4408.json

@@ -2,12 +2,16 @@
   "id": "CVE-2023-4408",
   "sourceIdentifier": "security-officer@isc.org",
   "published": "2024-02-13T14:15:45.253",
-  "lastModified": "2024-02-13T16:15:08.450",
+  "lastModified": "2024-02-19T03:15:07.860",
   "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
       "lang": "en",
       "value": "The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers.\nThis issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1."
+    },
+    {
+      "lang": "es",
+      "value": "El c\u00f3digo de an\u00e1lisis de mensajes DNS en \"named\" incluye una secci\u00f3n cuya complejidad computacional es demasiado alta. No causa problemas para el tr\u00e1fico DNS t\u00edpico, pero las consultas y respuestas manipuladas pueden causar una carga excesiva de la CPU en la instancia \"nombrada\" afectada al explotar esta falla. Este problema afecta tanto a los servidores autorizados como a los solucionadores recursivos. Este problema afecta a las versiones de BIND 9, 9.0.0 a 9.16.45, 9.18.0 a 9.18.21, 9.19.0 a 9.19.19, 9.9.3-S1 a 9.11.37-S1, 9.16.8-S1 a 9.16. 45-S1 y 9.18.11-S1 a 9.18.21-S1."
     }
   ],
   "metrics": {
@@ -42,6 +46,10 @@
     {
       "url": "https://kb.isc.org/docs/cve-2023-4408",
       "source": "security-officer@isc.org"
+    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/",
+      "source": "security-officer@isc.org"
     }
   ]
 }

CVE-2023/CVE-2023-451xx/CVE-2023-45142.json

@@ -2,8 +2,8 @@
   "id": "CVE-2023-45142",
   "sourceIdentifier": "security-advisories@github.com",
   "published": "2023-10-12T17:15:09.990",
-  "lastModified": "2023-10-18T18:27:50.437",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-02-19T03:15:07.697",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
@@ -144,6 +144,10 @@
       "tags": [
         "Product"
       ]
+    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTRJ54INZG3OC2FTAN6AFB2RYNY2GAD/",
+      "source": "security-advisories@github.com"
     }
   ]
 }

CVE-2023/CVE-2023-503xx/CVE-2023-50387.json

@@ -2,7 +2,7 @@
   "id": "CVE-2023-50387",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-02-14T16:15:45.300",
-  "lastModified": "2024-02-18T02:15:43.083",
+  "lastModified": "2024-02-19T03:15:07.980",
   "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
@@ -44,6 +44,14 @@
       "url": "https://kb.isc.org/docs/cve-2023-50387",
       "source": "cve@mitre.org"
     },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/",
+      "source": "cve@mitre.org"
+    },
     {
       "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/",
       "source": "cve@mitre.org"

CVE-2023/CVE-2023-508xx/CVE-2023-50868.json

@@ -2,7 +2,7 @@
   "id": "CVE-2023-50868",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-02-14T16:15:45.377",
-  "lastModified": "2024-02-18T02:15:43.240",
+  "lastModified": "2024-02-19T03:15:08.100",
   "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
@@ -48,6 +48,14 @@
       "url": "https://kb.isc.org/docs/cve-2023-50868",
       "source": "cve@mitre.org"
     },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/",
+      "source": "cve@mitre.org"
+    },
     {
       "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/",
       "source": "cve@mitre.org"

CVE-2023/CVE-2023-55xx/CVE-2023-5517.json

@@ -2,12 +2,16 @@
   "id": "CVE-2023-5517",
   "sourceIdentifier": "security-officer@isc.org",
   "published": "2024-02-13T14:15:45.510",
-  "lastModified": "2024-02-13T16:15:08.550",
+  "lastModified": "2024-02-19T03:15:08.170",
   "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
       "lang": "en",
       "value": "A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when:\n\n  - `nxdomain-redirect <domain>;` is configured, and\n  - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.\nThis issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1."
+    },
+    {
+      "lang": "es",
+      "value": "Una falla en el c\u00f3digo de manejo de consultas puede causar que `named` se cierre prematuramente con un error de aserci\u00f3n cuando: - `nxdomain-redirect ;` est\u00e1 configurado, y - el solucionador recibe una consulta PTR para una direcci\u00f3n RFC 1918 que normalmente dar como resultado una respuesta NXDOMAIN autorizada. Este problema afecta a las versiones de BIND 9, 9.12.0 a 9.16.45, 9.18.0 a 9.18.21, 9.19.0 a 9.19.19, 9.16.8-S1 a 9.16.45-S1 y 9.18.11-S1 a 9.18. .21-S1."
     }
   ],
   "metrics": {
@@ -42,6 +46,10 @@
     {
       "url": "https://kb.isc.org/docs/cve-2023-5517",
       "source": "security-officer@isc.org"
+    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/",
+      "source": "security-officer@isc.org"
     }
   ]
 }

CVE-2023/CVE-2023-56xx/CVE-2023-5679.json

@@ -2,12 +2,16 @@
   "id": "CVE-2023-5679",
   "sourceIdentifier": "security-officer@isc.org",
   "published": "2024-02-13T14:15:45.677",
-  "lastModified": "2024-02-13T16:15:08.647",
+  "lastModified": "2024-02-19T03:15:08.260",
   "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
       "lang": "en",
       "value": "A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled.\nThis issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1."
+    },
+    {
+      "lang": "es",
+      "value": "Una mala interacci\u00f3n entre DNS64 y el servidor obsoleto puede causar que \"named\" falle con una falla de aserci\u00f3n durante la resoluci\u00f3n recursiva, cuando ambas funciones est\u00e1n habilitadas. Este problema afecta a las versiones de BIND 9, 9.16.12 a 9.16.45, 9.18.0 a 9.18.21, 9.19.0 a 9.19.19, 9.16.12-S1 a 9.16.45-S1 y 9.18.11-S1 a 9.18. .21-S1."
     }
   ],
   "metrics": {
@@ -42,6 +46,10 @@
     {
       "url": "https://kb.isc.org/docs/cve-2023-5679",
       "source": "security-officer@isc.org"
+    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/",
+      "source": "security-officer@isc.org"
     }
   ]
 }

CVE-2023/CVE-2023-65xx/CVE-2023-6516.json

@@ -2,12 +2,16 @@
   "id": "CVE-2023-6516",
   "sourceIdentifier": "security-officer@isc.org",
   "published": "2024-02-13T14:15:46.030",
-  "lastModified": "2024-02-13T16:15:08.743",
+  "lastModified": "2024-02-19T03:15:08.343",
   "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
       "lang": "en",
       "value": "To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance, `named` may not be able to handle the cleanup events in a timely manner. This in turn enables the list of queued cleanup events to grow infinitely large over time, allowing the configured `max-cache-size` limit to be significantly exceeded.\nThis issue affects BIND 9 versions 9.16.0 through 9.16.45 and 9.16.8-S1 through 9.16.45-S1."
+    },
+    {
+      "lang": "es",
+      "value": "Para mantener eficiente su base de datos de cach\u00e9, `named` que se ejecuta como un solucionador recursivo intenta ocasionalmente limpiar la base de datos. Utiliza varios m\u00e9todos, incluidos algunos que son asincr\u00f3nicos: primero se asigna una peque\u00f1a porci\u00f3n de memoria que apunta al elemento de cach\u00e9 que se puede limpiar y luego se pone en cola para su posterior procesamiento. Se descubri\u00f3 que si el solucionador procesa continuamente patrones de consulta que desencadenan este tipo de mantenimiento de la base de datos de cach\u00e9, es posible que \"named\" no pueda manejar los eventos de limpieza de manera oportuna. Esto, a su vez, permite que la lista de eventos de limpieza en cola crezca infinitamente con el tiempo, lo que permite superar significativamente el l\u00edmite de \"tama\u00f1o m\u00e1ximo de cach\u00e9\" configurado. Este problema afecta a las versiones 9.16.0 a 9.16.45 y 9.16.8-S1 a 9.16.45-S1 de BIND 9."
     }
   ],
   "metrics": {
@@ -42,6 +46,10 @@
     {
       "url": "https://kb.isc.org/docs/cve-2023-6516",
       "source": "security-officer@isc.org"
+    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/",
+      "source": "security-officer@isc.org"
     }
   ]
 }

CVE-2024/CVE-2024-216xx/CVE-2024-21626.json

@@ -2,7 +2,7 @@
   "id": "CVE-2024-21626",
   "sourceIdentifier": "security-advisories@github.com",
   "published": "2024-01-31T22:15:53.780",
-  "lastModified": "2024-02-11T06:15:11.683",
+  "lastModified": "2024-02-19T03:15:08.413",
   "vulnStatus": "Modified",
   "descriptions": [
     {
@@ -163,6 +163,10 @@
         "Vendor Advisory"
       ]
     },
+    {
+      "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html",
+      "source": "security-advisories@github.com"
+    },
     {
       "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NLXNE23Q5ESQUAI22Z7A63JX2WMPJ2J/",
       "source": "security-advisories@github.com"

CVE-2024/CVE-2024-263xx/CVE-2024-26318.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2024-26318",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-02-19T04:15:07.400",
+  "lastModified": "2024-02-19T04:15:07.400",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://serenity.is/docs/release-notes/6.8.0",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-02-19T03:00:24.402315+00:00
+2024-02-19T05:00:23.982630+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-02-19T02:15:47.690000+00:00
+2024-02-19T04:15:07.400000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,21 +29,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-238868
+238869
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `2`
+Recently added CVEs: `1`
 
-* [CVE-2020-36774](CVE-2020/CVE-2020-367xx/CVE-2020-36774.json) (`2024-02-19T02:15:47.690`)
-* [CVE-2022-48624](CVE-2022/CVE-2022-486xx/CVE-2022-48624.json) (`2024-02-19T01:15:48.643`)
+* [CVE-2024-26318](CVE-2024/CVE-2024-263xx/CVE-2024-26318.json) (`2024-02-19T04:15:07.400`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `0`
+Recently modified CVEs: `9`
 
+* [CVE-2021-43784](CVE-2021/CVE-2021-437xx/CVE-2021-43784.json) (`2024-02-19T03:15:07.330`)
+* [CVE-2023-45142](CVE-2023/CVE-2023-451xx/CVE-2023-45142.json) (`2024-02-19T03:15:07.697`)
+* [CVE-2023-4408](CVE-2023/CVE-2023-44xx/CVE-2023-4408.json) (`2024-02-19T03:15:07.860`)
+* [CVE-2023-50387](CVE-2023/CVE-2023-503xx/CVE-2023-50387.json) (`2024-02-19T03:15:07.980`)
+* [CVE-2023-50868](CVE-2023/CVE-2023-508xx/CVE-2023-50868.json) (`2024-02-19T03:15:08.100`)
+* [CVE-2023-5517](CVE-2023/CVE-2023-55xx/CVE-2023-5517.json) (`2024-02-19T03:15:08.170`)
+* [CVE-2023-5679](CVE-2023/CVE-2023-56xx/CVE-2023-5679.json) (`2024-02-19T03:15:08.260`)
+* [CVE-2023-6516](CVE-2023/CVE-2023-65xx/CVE-2023-6516.json) (`2024-02-19T03:15:08.343`)
+* [CVE-2024-21626](CVE-2024/CVE-2024-216xx/CVE-2024-21626.json) (`2024-02-19T03:15:08.413`)
 
 
 ## Download and Usage