From dccfb294f5b155672c32d9e4422f0824ccf9cbac Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 29 Aug 2024 00:00:38 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/45xxx/CVE-2024-45232.json | 56 ++++++++++++++++++--- 2024/45xxx/CVE-2024-45233.json | 56 ++++++++++++++++++--- 2024/7xxx/CVE-2024-7969.json | 10 ++-- 2024/8xxx/CVE-2024-8250.json | 89 ++++++++++++++++++++++++++++++++-- 2024/8xxx/CVE-2024-8293.json | 18 +++++++ 5 files changed, 208 insertions(+), 21 deletions(-) create mode 100644 2024/8xxx/CVE-2024-8293.json diff --git a/2024/45xxx/CVE-2024-45232.json b/2024/45xxx/CVE-2024-45232.json index d86afd78f4e..d93edca54cc 100644 --- a/2024/45xxx/CVE-2024-45232.json +++ b/2024/45xxx/CVE-2024-45232.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-45232", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-45232", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the extension. This can only be exploited when the extension is configured to save submitted form data to the database (plugin.tx_powermail.settings.db.enable=1), which however is the default setting of the extension. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://typo3.org/security/advisory/typo3-ext-sa-2024-006", + "refsource": "MISC", + "name": "https://typo3.org/security/advisory/typo3-ext-sa-2024-006" } ] } diff --git a/2024/45xxx/CVE-2024-45233.json b/2024/45xxx/CVE-2024-45233.json index e11378782db..eee7b83ba01 100644 --- a/2024/45xxx/CVE-2024-45233.json +++ b/2024/45xxx/CVE-2024-45233.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-45233", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-45233", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the configuration of the Powermail Frontend plugins, an unauthenticated attacker can exploit this to edit, update, delete, or export data of persisted forms. This can only be exploited when the Powermail Frontend plugins are used. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://typo3.org/security/advisory/typo3-ext-sa-2024-006", + "refsource": "MISC", + "name": "https://typo3.org/security/advisory/typo3-ext-sa-2024-006" } ] } diff --git a/2024/7xxx/CVE-2024-7969.json b/2024/7xxx/CVE-2024-7969.json index a068325ab9a..52dddd0b49a 100644 --- a/2024/7xxx/CVE-2024-7969.json +++ b/2024/7xxx/CVE-2024-7969.json @@ -55,15 +55,15 @@ }, "references": { "reference_data": [ - { - "url": "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html", - "refsource": "MISC", - "name": "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html" - }, { "url": "https://issues.chromium.org/issues/351865302", "refsource": "MISC", "name": "https://issues.chromium.org/issues/351865302" + }, + { + "url": "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_28.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_28.html" } ] } diff --git a/2024/8xxx/CVE-2024-8250.json b/2024/8xxx/CVE-2024-8250.json index a74c3b827dd..fdd2de93e93 100644 --- a/2024/8xxx/CVE-2024-8250.json +++ b/2024/8xxx/CVE-2024-8250.json @@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-8250", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-825: Expired Pointer Dereference", + "cweId": "CWE-825" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wireshark Foundation", + "product": { + "product_data": [ + { + "product_name": "Wireshark", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.2.0", + "version_value": "4.2.7" + }, + { + "version_affected": "<", + "version_name": "4.0.0", + "version_value": "4.0.17" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wireshark.org/security/wnpa-sec-2024-11.html", + "refsource": "MISC", + "name": "https://www.wireshark.org/security/wnpa-sec-2024-11.html" + }, + { + "url": "https://gitlab.com/wireshark/wireshark/-/issues/19943", + "refsource": "MISC", + "name": "https://gitlab.com/wireshark/wireshark/-/issues/19943" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Upgrade to versions 4.2.7 or above." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/8xxx/CVE-2024-8293.json b/2024/8xxx/CVE-2024-8293.json new file mode 100644 index 00000000000..27d10aecc08 --- /dev/null +++ b/2024/8xxx/CVE-2024-8293.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-8293", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file