diff --git a/2020/0xxx/CVE-2020-0569.json b/2020/0xxx/CVE-2020-0569.json index 2fb4bc8c297..6d8cec5b611 100644 --- a/2020/0xxx/CVE-2020-0569.json +++ b/2020/0xxx/CVE-2020-0569.json @@ -44,41 +44,6 @@ }, "references": { "reference_data": [ - { - "refsource": "MLIST", - "name": "[oss-security] 20200129 New Qt vulnerabilities", - "url": "http://www.openwall.com/lists/oss-security/2020/01/30/1" - }, - { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20200201 [SECURITY] [DLA 2092-1] qtbase-opensource-src security update", - "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00000.html" - }, - { - "refsource": "DEBIAN", - "name": "DSA-4617", - "url": "https://www.debian.org/security/2020/dsa-4617" - }, - { - "refsource": "BUGTRAQ", - "name": "20200204 [SECURITY] [DSA 4617-1] qtbase-opensource-src security update", - "url": "https://seclists.org/bugtraq/2020/Feb/6" - }, - { - "refsource": "SUSE", - "name": "openSUSE-SU-2020:0209", - "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00012.html" - }, - { - "refsource": "UBUNTU", - "name": "USN-4275-1", - "url": "https://usn.ubuntu.com/4275-1/" - }, - { - "refsource": "GENTOO", - "name": "GLSA-202003-60", - "url": "https://security.gentoo.org/glsa/202003-60" - }, { "refsource": "MISC", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html", diff --git a/2023/29xxx/CVE-2023-29332.json b/2023/29xxx/CVE-2023-29332.json index c3167922cdb..b560b2dd148 100644 --- a/2023/29xxx/CVE-2023-29332.json +++ b/2023/29xxx/CVE-2023-29332.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-29332", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Azure Kubernetes Service", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0", + "version_value": "1.24" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29332", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29332" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "CRITICAL", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C" } ] } diff --git a/2023/29xxx/CVE-2023-29463.json b/2023/29xxx/CVE-2023-29463.json index 255f00e208b..1af3e5eb2b6 100644 --- a/2023/29xxx/CVE-2023-29463.json +++ b/2023/29xxx/CVE-2023-29463.json @@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-29463", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "PSIRT@rockwellautomation.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nThe JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users\u2019 session data and or log users out of their session.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rockwell Automation", + "product": { + "product_data": [ + { + "product_name": "Pavilion8", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "<5.20" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140590", + "refsource": "MISC", + "name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140590" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\n
Risk Mitigation & User Action
Customers using the affected software are encouraged to apply the risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability.
If customers are unable to update to v5.20, please follow the instructions below to disable the vulnerability in v5.17.
  1. Open the web.xml file in your Pavilion8\u00ae installation folder set during installation and go to Console\\container\\webapps\\ROOT\\WEB-INF, by default this would be under C:\\Pavilion\\Console\\container\\webapps\\ROOT\\WEB-INF.
  2. Search for the text jmx-console-action-handler and delete the below lines from web.xml file:

      <servlet>
        <servlet-name>jmx-console-action-handler</servlet-name>
        <servlet-class>com.pav.jboss.jmx.HtmlAdaptorServlet</servlet-class>
      </servlet>
      <servlet-mapping>
        <servlet-name>jmx-console-action-handler</servlet-name>
        <url-pattern>/jmx-console/HtmlAdaptor</url-pattern>
      </servlet-mapping>
     
  3. Save the changes and close the file.
  4. Restart Pavilion8\u00ae Console Service.
  5. Logout and log back into the console and navigate to the URL http:// <FQDN>/jmx-console to confirm you are getting the error message HTTP Status 404 \u2013 Not Found.

Note: <FQDN> is your fully qualified domain name used for the Console login.

\n\n
" + } + ], + "value": "\nRisk Mitigation & User Action\n\nCustomers using the affected software are encouraged to apply the risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability. * Update to v5.20\n * QA43240 - Recommended Security Guidelines from Rockwell Automation https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012 \n\n\n\nIf customers are unable to update to v5.20, please follow the instructions below to disable the vulnerability in v5.17. * Open the web.xml\u00a0file in your Pavilion8\u00ae installation folder set during installation and go to Console\\container\\webapps\\ROOT\\WEB-INF, by default this would be under C:\\Pavilion\\Console\\container\\webapps\\ROOT\\WEB-INF.\n * Search for the text jmx-console-action-handler\u00a0and delete the below lines from web.xml\u00a0file:\n\n\u00a0 \n\u00a0 \u00a0 jmx-console-action-handler\n\u00a0 \u00a0 com.pav.jboss.jmx.HtmlAdaptorServlet\n\u00a0 \n\u00a0 \n\u00a0 \u00a0 jmx-console-action-handler\n\u00a0 \u00a0 /jmx-console/HtmlAdaptor\n\u00a0 \n\u00a0\n * Save the changes and close the file.\n * Restart Pavilion8\u00ae Console Service.\n * Logout and log back into the console and navigate to the URL http:// /jmx-console\u00a0to confirm you are getting the error message HTTP Status 404 \u2013 Not Found.\nNote: \u00a0is your fully qualified domain name used for the Console login.\n\n\n\n\n\n\n" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/33xxx/CVE-2023-33136.json b/2023/33xxx/CVE-2023-33136.json index 28d6db412a0..92348be8e42 100644 --- a/2023/33xxx/CVE-2023-33136.json +++ b/2023/33xxx/CVE-2023-33136.json @@ -1,17 +1,121 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-33136", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Azure DevOps Server Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Azure DevOps Server 2020.0.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2020.0.0", + "version_value": "20230820.2" + } + ] + } + }, + { + "product_name": "Azure DevOps Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "20230825.1" + } + ] + } + }, + { + "product_name": "Azure DevOps Server 2020.1.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2020.1.0", + "version_value": "20230823.1" + } + ] + } + }, + { + "product_name": "Azure DevOps Server 2022.0.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2022.0.0", + "version_value": "20230825.4" + } + ] + } + }, + { + "product_name": "Azure DevOps Server 2019.0.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2019.0.0", + "version_value": "20230601.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33136", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33136" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C" } ] } diff --git a/2023/35xxx/CVE-2023-35355.json b/2023/35xxx/CVE-2023-35355.json index 6d64a906d42..ad1f2c6369b 100644 --- a/2023/35xxx/CVE-2023-35355.json +++ b/2023/35xxx/CVE-2023-35355.json @@ -1,17 +1,157 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-35355", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.4851" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.4851" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.4851" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.20348.1960" + } + ] + } + }, + { + "product_name": "Windows 11 version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22000.2416" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19044.3448" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22621.2275" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19045.3448" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35355", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35355" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2023/36xxx/CVE-2023-36736.json b/2023/36xxx/CVE-2023-36736.json index 375c7192926..0585dd3a9c0 100644 --- a/2023/36xxx/CVE-2023-36736.json +++ b/2023/36xxx/CVE-2023-36736.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36736", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft Identity Linux Broker Arbitrary Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Identity Linux Broker", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "1.6.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36736", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36736" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 4.4, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C" } ] } diff --git a/2023/36xxx/CVE-2023-36739.json b/2023/36xxx/CVE-2023-36739.json index 8aff2888838..5d78b20f134 100644 --- a/2023/36xxx/CVE-2023-36739.json +++ b/2023/36xxx/CVE-2023-36739.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36739", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "3D Viewer Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "3D Viewer", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "7.0.0", + "version_value": "7.2306.12012.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2023/36xxx/CVE-2023-36740.json b/2023/36xxx/CVE-2023-36740.json index 58dab113e04..82cdde5563f 100644 --- a/2023/36xxx/CVE-2023-36740.json +++ b/2023/36xxx/CVE-2023-36740.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36740", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "3D Viewer Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "3D Viewer", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "7.0.0", + "version_value": "7.2306.12012.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36740", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36740" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2023/36xxx/CVE-2023-36742.json b/2023/36xxx/CVE-2023-36742.json index 4f8a537c220..5f033b83547 100644 --- a/2023/36xxx/CVE-2023-36742.json +++ b/2023/36xxx/CVE-2023-36742.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36742", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Visual Studio Code Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Visual Studio Code", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "1.82.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36742", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36742" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2023/36xxx/CVE-2023-36744.json b/2023/36xxx/CVE-2023-36744.json index fd45e00ceea..bd585adcd77 100644 --- a/2023/36xxx/CVE-2023-36744.json +++ b/2023/36xxx/CVE-2023-36744.json @@ -1,17 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36744", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft Exchange Server Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 12", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.02.0", + "version_value": "15.02.1118.037" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2016 Cumulative Update 23", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.01.0", + "version_value": "15.01.2507.032" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.02.0", + "version_value": "15.02.1258.025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36744", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36744" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2023/36xxx/CVE-2023-36745.json b/2023/36xxx/CVE-2023-36745.json index 60c5f2e1e81..95570d22ea7 100644 --- a/2023/36xxx/CVE-2023-36745.json +++ b/2023/36xxx/CVE-2023-36745.json @@ -1,17 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36745", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft Exchange Server Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Exchange Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.02.0", + "version_value": "15.02.1258.025" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 12", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.02.0", + "version_value": "15.02.1118.037" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2016 Cumulative Update 23", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.01.0", + "version_value": "15.01.2507.032" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36745", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36745" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2023/36xxx/CVE-2023-36756.json b/2023/36xxx/CVE-2023-36756.json index 1007b868791..7fd11f188a1 100644 --- a/2023/36xxx/CVE-2023-36756.json +++ b/2023/36xxx/CVE-2023-36756.json @@ -1,17 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36756", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft Exchange Server Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Exchange Server 2016 Cumulative Update 23", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.01.0", + "version_value": "15.01.2507.032" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.02.0", + "version_value": "15.02.1258.025" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 12", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.02.0", + "version_value": "15.02.1118.037" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36756", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36756" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2023/36xxx/CVE-2023-36757.json b/2023/36xxx/CVE-2023-36757.json index 0660e0073fe..c0f812d86a5 100644 --- a/2023/36xxx/CVE-2023-36757.json +++ b/2023/36xxx/CVE-2023-36757.json @@ -1,17 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36757", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft Exchange Server Spoofing Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Exchange Server 2016 Cumulative Update 23", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.01.0", + "version_value": "15.01.2507.032" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 12", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.02.0", + "version_value": "15.02.1118.037" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.02.0", + "version_value": "15.02.1258.025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36757", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36757" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2023/36xxx/CVE-2023-36758.json b/2023/36xxx/CVE-2023-36758.json index f8af88e3723..3200be4933c 100644 --- a/2023/36xxx/CVE-2023-36758.json +++ b/2023/36xxx/CVE-2023-36758.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36758", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Visual Studio Elevation of Privilege Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Visual Studio 2022 version 17.7", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.7.0", + "version_value": "17.7.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2023/36xxx/CVE-2023-36759.json b/2023/36xxx/CVE-2023-36759.json index d7afafe66fa..d5a3c2161a4 100644 --- a/2023/36xxx/CVE-2023-36759.json +++ b/2023/36xxx/CVE-2023-36759.json @@ -1,17 +1,121 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36759", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Visual Studio Elevation of Privilege Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Visual Studio 2022 version 17.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.2.0", + "version_value": "17.2.19" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.11.0", + "version_value": "16.11.30" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2022 version 17.4", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.4.0", + "version_value": "17.4.11" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2022 version 17.7", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.7.0", + "version_value": "17.7.4" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2022 version 17.6", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.6.0", + "version_value": "17.6.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36759", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36759" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 6.7, + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2023/36xxx/CVE-2023-36760.json b/2023/36xxx/CVE-2023-36760.json index 236291cb8f8..062f98c3bee 100644 --- a/2023/36xxx/CVE-2023-36760.json +++ b/2023/36xxx/CVE-2023-36760.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36760", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "3D Viewer Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "3D Viewer", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "7.0.0", + "version_value": "7.2306.12012.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36760", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36760" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2023/36xxx/CVE-2023-36761.json b/2023/36xxx/CVE-2023-36761.json index bbd10df6e5c..161a8ea7518 100644 --- a/2023/36xxx/CVE-2023-36761.json +++ b/2023/36xxx/CVE-2023-36761.json @@ -1,17 +1,133 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36761", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft Word Information Disclosure Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Office 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "19.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft 365 Apps for Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Word 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "16.0.5413.1000" + } + ] + } + }, + { + "product_name": "Microsoft Word 2013 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.0.1", + "version_value": "15.0.5589.1001" + } + ] + } + }, + { + "product_name": "Microsoft Word 2013 Service Pack 1 ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.0.1", + "version_value": "15.0.5589.1001" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 6.2, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C" } ] } diff --git a/2023/36xxx/CVE-2023-36762.json b/2023/36xxx/CVE-2023-36762.json index 4adce2fe73f..b84eb4f0372 100644 --- a/2023/36xxx/CVE-2023-36762.json +++ b/2023/36xxx/CVE-2023-36762.json @@ -1,17 +1,145 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36762", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft Word Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint Enterprise Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.0.5413.1001" + } + ] + } + }, + { + "product_name": "Microsoft Office 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "19.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office 2019 for Mac", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.77.23091003" + } + ] + } + }, + { + "product_name": "Microsoft 365 Apps for Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC for Mac 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "16.77.23091003" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Word 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "16.0.5413.1000" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36762", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36762" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C" } ] } diff --git a/2023/36xxx/CVE-2023-36763.json b/2023/36xxx/CVE-2023-36763.json index 98f0bb35e48..fe9269a402a 100644 --- a/2023/36xxx/CVE-2023-36763.json +++ b/2023/36xxx/CVE-2023-36763.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36763", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft Outlook Information Disclosure Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Office 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "19.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft 365 Apps for Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Outlook 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0.0", + "version_value": "16.0.5413.1000" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36763", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36763" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C" } ] } diff --git a/2023/36xxx/CVE-2023-36764.json b/2023/36xxx/CVE-2023-36764.json index 6daf33f64f2..572b4fb857a 100644 --- a/2023/36xxx/CVE-2023-36764.json +++ b/2023/36xxx/CVE-2023-36764.json @@ -1,17 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36764", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft SharePoint Server Elevation of Privilege Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint Enterprise Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.0.5413.1001" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.0.10402.20016" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Server Subscription Edition", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.0.16731.20180" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36764", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36764" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2023/36xxx/CVE-2023-36765.json b/2023/36xxx/CVE-2023-36765.json index 44ad78d2f4b..59f32d38eb8 100644 --- a/2023/36xxx/CVE-2023-36765.json +++ b/2023/36xxx/CVE-2023-36765.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36765", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft Office Elevation of Privilege Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Office 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "19.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36765", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36765" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2023/4xxx/CVE-2023-4919.json b/2023/4xxx/CVE-2023-4919.json new file mode 100644 index 00000000000..fbab600a560 --- /dev/null +++ b/2023/4xxx/CVE-2023-4919.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-4919", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file