Auto-Update: 2024-01-22T05:00:24.314078+00:00

CVE-2023/CVE-2023-68xx/CVE-2023-6816.json

@@ -2,7 +2,7 @@
   "id": "CVE-2023-6816",
   "sourceIdentifier": "secalert@redhat.com",
   "published": "2024-01-18T05:15:08.607",
-  "lastModified": "2024-01-19T04:15:09.560",
+  "lastModified": "2024-01-22T03:15:07.800",
   "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
@@ -66,6 +66,10 @@
     {
       "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/",
       "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/",
+      "source": "secalert@redhat.com"
     }
   ]
 }

CVE-2023/CVE-2023-70xx/CVE-2023-7042.json

@@ -2,8 +2,8 @@
   "id": "CVE-2023-7042",
   "sourceIdentifier": "secalert@redhat.com",
   "published": "2023-12-21T20:15:09.267",
-  "lastModified": "2024-01-03T17:05:12.947",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-01-22T03:15:07.900",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
@@ -114,6 +114,10 @@
         "Third Party Advisory"
       ]
     },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/54PLF5J33IRSLSR4UU6LQSMXX6FI5AOQ/",
+      "source": "secalert@redhat.com"
+    },
     {
       "url": "https://patchwork.kernel.org/project/linux-wireless/patch/20231208043433.271449-1-hdthky0@gmail.com/",
       "source": "secalert@redhat.com",

CVE-2024/CVE-2024-04xx/CVE-2024-0408.json

@@ -2,12 +2,16 @@
   "id": "CVE-2024-0408",
   "sourceIdentifier": "secalert@redhat.com",
   "published": "2024-01-18T16:15:08.380",
-  "lastModified": "2024-01-19T04:15:09.680",
+  "lastModified": "2024-01-22T03:15:08.023",
   "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
       "lang": "en",
       "value": "A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL."
+    },
+    {
+      "lang": "es",
+      "value": "Se encontr\u00f3 una falla en el servidor X.Org. El c\u00f3digo GLX PBuffer no llama al gancho XACE al crear el b\u00fafer, dej\u00e1ndolo sin etiquetar. Cuando el cliente emite otra solicitud para acceder a ese recurso (como con GetGeometry) o cuando crea otro recurso que necesita acceder a ese b\u00fafer, como un GC, el c\u00f3digo XSELINUX intentar\u00e1 usar un objeto que nunca fue etiquetado y fallar\u00e1 porque el SID es NULO."
     }
   ],
   "metrics": {
@@ -58,6 +62,10 @@
     {
       "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/",
       "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/",
+      "source": "secalert@redhat.com"
     }
   ]
 }

CVE-2024/CVE-2024-04xx/CVE-2024-0409.json

@@ -2,12 +2,16 @@
   "id": "CVE-2024-0409",
   "sourceIdentifier": "secalert@redhat.com",
   "published": "2024-01-18T16:15:08.593",
-  "lastModified": "2024-01-19T07:15:55.053",
+  "lastModified": "2024-01-22T03:15:08.120",
   "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
       "lang": "en",
       "value": "A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context."
+    },
+    {
+      "lang": "es",
+      "value": "Se encontr\u00f3 una falla en el servidor X.Org. El c\u00f3digo del cursor tanto en Xephyr como en Xwayland utiliza el tipo incorrecto de privado en el momento de la creaci\u00f3n. Utiliza el tipo de bits del cursor con el cursor como privado y, al iniciar el cursor, sobrescribe el contexto XSELINUX."
     }
   ],
   "metrics": {
@@ -58,6 +62,10 @@
     {
       "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/",
       "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/",
+      "source": "secalert@redhat.com"
     }
   ]
 }

CVE-2024/CVE-2024-237xx/CVE-2024-23768.json

@@ -0,0 +1,43 @@
+{
+  "id": "CVE-2024-23768",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-22T03:15:08.203",
+  "lastModified": "2024-01-22T03:15:08.203",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders (and the files and datasets in these folders) can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source. Affected versions are: 24.0.0 through 24.3.0, 23.0.0 through 23.2.3, and 22.0.0 through 22.2.2. Fixed versions are: 24.3.1 and later, 23.2.4 and later, and 22.2.3 and later."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://docs.dremio.com/current/reference/bulletins/2024-01-12-01",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-237xx/CVE-2024-23770.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2024-23770",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-22T04:15:07.670",
+  "lastModified": "2024-01-22T04:15:07.670",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/emikulic/darkhttpd/commit/2b339828b2a42a5fda105ea84934957a7d23e35d",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/emikulic/darkhttpd/compare/v1.14...v1.15",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-237xx/CVE-2024-23771.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2024-23771",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-22T04:15:07.723",
+  "lastModified": "2024-01-22T04:15:07.723",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/emikulic/darkhttpd/commit/f477619d49f3c4de9ad59bd194265a48ddc03f04",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/emikulic/darkhttpd/compare/v1.14...v1.15",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-01-22T03:00:24.678760+00:00
+2024-01-22T05:00:24.314078+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-01-22T01:15:08.607000+00:00
+2024-01-22T04:15:07.723000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,24 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-236487
+236490
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `5`
+Recently added CVEs: `3`
 
-* [CVE-2024-0774](CVE-2024/CVE-2024-07xx/CVE-2024-0774.json) (`2024-01-22T01:15:08.033`)
-* [CVE-2024-0776](CVE-2024/CVE-2024-07xx/CVE-2024-0776.json) (`2024-01-22T01:15:08.263`)
-* [CVE-2024-23750](CVE-2024/CVE-2024-237xx/CVE-2024-23750.json) (`2024-01-22T01:15:08.507`)
-* [CVE-2024-23751](CVE-2024/CVE-2024-237xx/CVE-2024-23751.json) (`2024-01-22T01:15:08.557`)
-* [CVE-2024-23752](CVE-2024/CVE-2024-237xx/CVE-2024-23752.json) (`2024-01-22T01:15:08.607`)
+* [CVE-2024-23768](CVE-2024/CVE-2024-237xx/CVE-2024-23768.json) (`2024-01-22T03:15:08.203`)
+* [CVE-2024-23770](CVE-2024/CVE-2024-237xx/CVE-2024-23770.json) (`2024-01-22T04:15:07.670`)
+* [CVE-2024-23771](CVE-2024/CVE-2024-237xx/CVE-2024-23771.json) (`2024-01-22T04:15:07.723`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `0`
+Recently modified CVEs: `4`
 
+* [CVE-2023-6816](CVE-2023/CVE-2023-68xx/CVE-2023-6816.json) (`2024-01-22T03:15:07.800`)
+* [CVE-2023-7042](CVE-2023/CVE-2023-70xx/CVE-2023-7042.json) (`2024-01-22T03:15:07.900`)
+* [CVE-2024-0408](CVE-2024/CVE-2024-04xx/CVE-2024-0408.json) (`2024-01-22T03:15:08.023`)
+* [CVE-2024-0409](CVE-2024/CVE-2024-04xx/CVE-2024-0409.json) (`2024-01-22T03:15:08.120`)
 
 
 ## Download and Usage