Auto-Update: 2024-02-21T03:00:24.174990+00:00

CVE-2024/CVE-2024-04xx/CVE-2024-0407.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2024-0407",
+  "sourceIdentifier": "hp-security-alert@hp.com",
+  "published": "2024-02-21T01:15:07.753",
+  "lastModified": "2024-02-21T01:15:07.753",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to information disclosure, when connections made by the device back to services enabled by some solutions may have been trusted without the appropriate CA certificate in the device's certificate store."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://support.hp.com/us-en/document/ish_10174094-10174120-16",
+      "source": "hp-security-alert@hp.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-07xx/CVE-2024-0794.json

@@ -2,7 +2,7 @@
   "id": "CVE-2024-0794",
   "sourceIdentifier": "hp-security-alert@hp.com",
   "published": "2024-02-20T18:15:50.840",
-  "lastModified": "2024-02-20T19:50:53.960",
+  "lastModified": "2024-02-21T01:15:07.810",
   "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
@@ -13,7 +13,7 @@
   "metrics": {},
   "references": [
     {
-      "url": "https://support.hp.com/us-en/document/ish_10174031-10174074-16",
+      "url": "https://support.hp.com/us-en/document/ish_10174031-10198670-16",
       "source": "hp-security-alert@hp.com"
     }
   ]

CVE-2024/CVE-2024-244xx/CVE-2024-24474.json

@@ -2,12 +2,12 @@
   "id": "CVE-2024-24474",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-02-20T18:15:52.463",
-  "lastModified": "2024-02-20T19:50:53.960",
+  "lastModified": "2024-02-21T01:15:07.857",
   "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
       "lang": "en",
-      "value": "Buffer Overflow vulnerability in Qemu before v.8.2.0 allows a remote attacker to execute arbitrary code via the async_len variable to the FIFO buffer component."
+      "value": "QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len."
     }
   ],
   "metrics": {},

CVE-2024/CVE-2024-244xx/CVE-2024-24475.json

@@ -0,0 +1,15 @@
+{
+  "id": "CVE-2024-24475",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-02-21T01:15:07.890",
+  "lastModified": "2024-02-21T01:15:07.890",
+  "vulnStatus": "Rejected",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}

CVE-2024/CVE-2024-251xx/CVE-2024-25147.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-25147",
+  "sourceIdentifier": "security@liferay.com",
+  "published": "2024-02-21T02:15:29.750",
+  "lastModified": "2024-02-21T02:15:29.750",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via crafted javascript: style links."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@liferay.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.6,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@liferay.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25147",
+      "source": "security@liferay.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-251xx/CVE-2024-25152.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-25152",
+  "sourceIdentifier": "security@liferay.com",
+  "published": "2024-02-21T02:15:29.933",
+  "lastModified": "2024-02-21T02:15:29.933",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Stored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via the filename of an attachment."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@liferay.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.0,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@liferay.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25152",
+      "source": "security@liferay.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-256xx/CVE-2024-25601.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-25601",
+  "sourceIdentifier": "security@liferay.com",
+  "published": "2024-02-21T02:15:30.100",
+  "lastModified": "2024-02-21T02:15:30.100",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Stored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the name text field of a geolocation custom field."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@liferay.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.0,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@liferay.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25601",
+      "source": "security@liferay.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-256xx/CVE-2024-25602.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-25602",
+  "sourceIdentifier": "security@liferay.com",
+  "published": "2024-02-21T02:15:30.267",
+  "lastModified": "2024-02-21T02:15:30.267",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into an organization\u2019s \u201cName\u201d text field"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@liferay.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.0,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@liferay.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25602",
+      "source": "security@liferay.com"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-02-21T00:55:27.626993+00:00
+2024-02-21T03:00:24.174990+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-02-21T00:15:07.597000+00:00
+2024-02-21T02:15:30.267000+00:00
 ```
 
 ### Last Data Feed Release
@@ -23,27 +23,33 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
 
 ```plain
-2024-02-20T01:00:28.243628+00:00
+2024-02-21T01:00:28.250691+00:00
 ```
 
 ### Total Number of included CVEs
 
 ```plain
-239020
+239026
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `2`
+Recently added CVEs: `6`
 
-* [CVE-2023-50923](CVE-2023/CVE-2023-509xx/CVE-2023-50923.json) (`2024-02-21T00:15:07.597`)
-* [CVE-2024-23758](CVE-2024/CVE-2024-237xx/CVE-2024-23758.json) (`2024-02-20T23:15:07.683`)
+* [CVE-2024-0407](CVE-2024/CVE-2024-04xx/CVE-2024-0407.json) (`2024-02-21T01:15:07.753`)
+* [CVE-2024-24475](CVE-2024/CVE-2024-244xx/CVE-2024-24475.json) (`2024-02-21T01:15:07.890`)
+* [CVE-2024-25147](CVE-2024/CVE-2024-251xx/CVE-2024-25147.json) (`2024-02-21T02:15:29.750`)
+* [CVE-2024-25152](CVE-2024/CVE-2024-251xx/CVE-2024-25152.json) (`2024-02-21T02:15:29.933`)
+* [CVE-2024-25601](CVE-2024/CVE-2024-256xx/CVE-2024-25601.json) (`2024-02-21T02:15:30.100`)
+* [CVE-2024-25602](CVE-2024/CVE-2024-256xx/CVE-2024-25602.json) (`2024-02-21T02:15:30.267`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `0`
+Recently modified CVEs: `2`
 
+* [CVE-2024-0794](CVE-2024/CVE-2024-07xx/CVE-2024-0794.json) (`2024-02-21T01:15:07.810`)
+* [CVE-2024-24474](CVE-2024/CVE-2024-244xx/CVE-2024-24474.json) (`2024-02-21T01:15:07.857`)
 
 
 ## Download and Usage