Auto-Update: 2024-01-22T05:00:24.314078+00:00

cad-safe-bot 2024-01-22 05:00:27 +00:00
parent 3726d729ac
commit 85433ada00
8 changed files with 132 additions and 15 deletions

@ -2,7 +2,7 @@
"id": "CVE-2023-6816",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-18T05:15:08.607",
"lastModified": "2024-01-19T04:15:09.560",
"lastModified": "2024-01-22T03:15:07.800",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -66,6 +66,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/",
"source": "secalert@redhat.com"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-7042",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-21T20:15:09.267",
"lastModified": "2024-01-03T17:05:12.947",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-22T03:15:07.900",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -114,6 +114,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/54PLF5J33IRSLSR4UU6LQSMXX6FI5AOQ/",
"source": "secalert@redhat.com"
},
{
"url": "https://patchwork.kernel.org/project/linux-wireless/patch/20231208043433.271449-1-hdthky0@gmail.com/",
"source": "secalert@redhat.com",

@ -2,12 +2,16 @@
"id": "CVE-2024-0408",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-18T16:15:08.380",
"lastModified": "2024-01-19T04:15:09.680",
"lastModified": "2024-01-22T03:15:08.023",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en el servidor X.Org. El c\u00f3digo GLX PBuffer no llama al gancho XACE al crear el b\u00fafer, dej\u00e1ndolo sin etiquetar. Cuando el cliente emite otra solicitud para acceder a ese recurso (como con GetGeometry) o cuando crea otro recurso que necesita acceder a ese b\u00fafer, como un GC, el c\u00f3digo XSELINUX intentar\u00e1 usar un objeto que nunca fue etiquetado y fallar\u00e1 porque el SID es NULO."
}
],
"metrics": {
@ -58,6 +62,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/",
"source": "secalert@redhat.com"
}
]
}

@ -2,12 +2,16 @@
"id": "CVE-2024-0409",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-18T16:15:08.593",
"lastModified": "2024-01-19T07:15:55.053",
"lastModified": "2024-01-22T03:15:08.120",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en el servidor X.Org. El c\u00f3digo del cursor tanto en Xephyr como en Xwayland utiliza el tipo incorrecto de privado en el momento de la creaci\u00f3n. Utiliza el tipo de bits del cursor con el cursor como privado y, al iniciar el cursor, sobrescribe el contexto XSELINUX."
}
],
"metrics": {
@ -58,6 +62,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/",
"source": "secalert@redhat.com"
}
]
}

@ -0,0 +1,43 @@
{
"id": "CVE-2024-23768",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T03:15:08.203",
"lastModified": "2024-01-22T03:15:08.203",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders (and the files and datasets in these folders) can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source. Affected versions are: 24.0.0 through 24.3.0, 23.0.0 through 23.2.3, and 22.0.0 through 22.2.2. Fixed versions are: 24.3.1 and later, 23.2.4 and later, and 22.2.3 and later."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://docs.dremio.com/current/reference/bulletins/2024-01-12-01",
"source": "cve@mitre.org"
}
]
}

@ -0,0 +1,24 @@
{
"id": "CVE-2024-23770",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T04:15:07.670",
"lastModified": "2024-01-22T04:15:07.670",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/emikulic/darkhttpd/commit/2b339828b2a42a5fda105ea84934957a7d23e35d",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/emikulic/darkhttpd/compare/v1.14...v1.15",
"source": "cve@mitre.org"
}
]
}

@ -0,0 +1,24 @@
{
"id": "CVE-2024-23771",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T04:15:07.723",
"lastModified": "2024-01-22T04:15:07.723",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/emikulic/darkhttpd/commit/f477619d49f3c4de9ad59bd194265a48ddc03f04",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/emikulic/darkhttpd/compare/v1.14...v1.15",
"source": "cve@mitre.org"
}
]
}

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-22T03:00:24.678760+00:00
2024-01-22T05:00:24.314078+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-22T01:15:08.607000+00:00
2024-01-22T04:15:07.723000+00:00
```
### Last Data Feed Release
@ -29,24 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
236487
236490
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `3`
* [CVE-2024-0774](CVE-2024/CVE-2024-07xx/CVE-2024-0774.json) (`2024-01-22T01:15:08.033`)
* [CVE-2024-0776](CVE-2024/CVE-2024-07xx/CVE-2024-0776.json) (`2024-01-22T01:15:08.263`)
* [CVE-2024-23750](CVE-2024/CVE-2024-237xx/CVE-2024-23750.json) (`2024-01-22T01:15:08.507`)
* [CVE-2024-23751](CVE-2024/CVE-2024-237xx/CVE-2024-23751.json) (`2024-01-22T01:15:08.557`)
* [CVE-2024-23752](CVE-2024/CVE-2024-237xx/CVE-2024-23752.json) (`2024-01-22T01:15:08.607`)
* [CVE-2024-23768](CVE-2024/CVE-2024-237xx/CVE-2024-23768.json) (`2024-01-22T03:15:08.203`)
* [CVE-2024-23770](CVE-2024/CVE-2024-237xx/CVE-2024-23770.json) (`2024-01-22T04:15:07.670`)
* [CVE-2024-23771](CVE-2024/CVE-2024-237xx/CVE-2024-23771.json) (`2024-01-22T04:15:07.723`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `4`
* [CVE-2023-6816](CVE-2023/CVE-2023-68xx/CVE-2023-6816.json) (`2024-01-22T03:15:07.800`)
* [CVE-2023-7042](CVE-2023/CVE-2023-70xx/CVE-2023-7042.json) (`2024-01-22T03:15:07.900`)
* [CVE-2024-0408](CVE-2024/CVE-2024-04xx/CVE-2024-0408.json) (`2024-01-22T03:15:08.023`)
* [CVE-2024-0409](CVE-2024/CVE-2024-04xx/CVE-2024-0409.json) (`2024-01-22T03:15:08.120`)
## Download and Usage