From 90e2e352acfcbcc33e12b3f63edf88c2c64e561b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 2 Aug 2024 05:00:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/38xxx/CVE-2024-38482.json | 85 +++++++++++++++++++++++++++++++-- 2024/42xxx/CVE-2024-42458.json | 77 ++++++++++++++++++++++++++++++ 2024/7xxx/CVE-2024-7389.json | 86 ++++++++++++++++++++++++++++++++-- 3 files changed, 240 insertions(+), 8 deletions(-) create mode 100644 2024/42xxx/CVE-2024-42458.json diff --git a/2024/38xxx/CVE-2024-38482.json b/2024/38xxx/CVE-2024-38482.json index 3a079fdc465..ac9d413c802 100644 --- a/2024/38xxx/CVE-2024-38482.json +++ b/2024/38xxx/CVE-2024-38482.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-38482", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@dell.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute unauthorized actions and retrieve sensitive information from the database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-703: Improper Check or Handling of Exceptional Conditions", + "cweId": "CWE-703" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dell", + "product": { + "product_data": [ + { + "product_name": "CloudLink", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "N/A", + "version_value": "8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000227493/dsa-2024-343-security-update-for-dell-cloudlink-vulnerability", + "refsource": "MISC", + "name": "https://www.dell.com/support/kbdoc/en-us/000227493/dsa-2024-343-security-update-for-dell-cloudlink-vulnerability" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Dell would like to thank B4gpipe for reporting this issue." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/42xxx/CVE-2024-42458.json b/2024/42xxx/CVE-2024-42458.json new file mode 100644 index 00000000000..e38eca5e8d1 --- /dev/null +++ b/2024/42xxx/CVE-2024-42458.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2024-42458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/any1/neatvnc/commit/cc71650a69abc2573a0d96d082409d2468802d47", + "refsource": "MISC", + "name": "https://github.com/any1/neatvnc/commit/cc71650a69abc2573a0d96d082409d2468802d47" + }, + { + "url": "https://github.com/any1/neatvnc/compare/v0.8.0...v0.8.1", + "refsource": "MISC", + "name": "https://github.com/any1/neatvnc/compare/v0.8.0...v0.8.1" + }, + { + "url": "https://github.com/any1/neatvnc/releases/tag/v0.8.1", + "refsource": "MISC", + "name": "https://github.com/any1/neatvnc/releases/tag/v0.8.1" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2024/08/02/1", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2024/08/02/1" + } + ] + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7389.json b/2024/7xxx/CVE-2024-7389.json index f9c2bad7262..54400ddcd6e 100644 --- a/2024/7xxx/CVE-2024-7389.json +++ b/2024/7xxx/CVE-2024-7389.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7389", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hubspot-wp-api.php. This makes it possible for unauthenticated attackers to extract the HubSpot integration developer API key and make unauthorized changes to the plugin's HubSpot integration or expose personally identifiable information from plugin users using the HubSpot integration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-522 Insufficiently Protected Credentials", + "cweId": "CWE-522" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wpmudev", + "product": { + "product_data": [ + { + "product_name": "Forminator \u2013 Contact Form, Payment Form & Custom Form Builder", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.29.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0d04b822-a48a-485e-b9b5-f5a213307c71?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0d04b822-a48a-485e-b9b5-f5a213307c71?source=cve" + }, + { + "url": "https://developers.hubspot.com/docs/api/webhooks#scopes", + "refsource": "MISC", + "name": "https://developers.hubspot.com/docs/api/webhooks#scopes" + }, + { + "url": "https://developers.hubspot.com/docs/api/webhooks#manage-settings-via-api", + "refsource": "MISC", + "name": "https://developers.hubspot.com/docs/api/webhooks#manage-settings-via-api" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3047085/forminator/trunk/addons/pro/hubspot/lib/class-forminator-addon-hubspot-wp-api.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3047085/forminator/trunk/addons/pro/hubspot/lib/class-forminator-addon-hubspot-wp-api.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Sean Murphy" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH" } ] }