diff --git a/2024/49xxx/CVE-2024-49014.json b/2024/49xxx/CVE-2024-49014.json index 15eec37c800..accd5fd640d 100644 --- a/2024/49xxx/CVE-2024-49014.json +++ b/2024/49xxx/CVE-2024-49014.json @@ -1,17 +1,134 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49014", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Server Native Client Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-415: Double Free", + "cweId": "CWE-415" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft SQL Server 2017 (GDR)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "14.0.0", + "version_value": "14.0.2070.1" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2019 (GDR)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.0.0", + "version_value": "15.0.2130.3" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13.0.0", + "version_value": "13.0.6455.2" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13.0.0", + "version_value": "13.0.7050.2" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2017 (CU 31)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "14.0.0", + "version_value": "14.0.3485.1" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2019 (CU 29)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.0.0", + "version_value": "15.0.4410.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49014", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49014" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/49xxx/CVE-2024-49015.json b/2024/49xxx/CVE-2024-49015.json index 4cd708ab32a..f2081d43e6c 100644 --- a/2024/49xxx/CVE-2024-49015.json +++ b/2024/49xxx/CVE-2024-49015.json @@ -1,17 +1,134 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49015", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Server Native Client Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft SQL Server 2019 (CU 29)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.0.0", + "version_value": "15.0.4410.1" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2017 (GDR)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "14.0.0", + "version_value": "14.0.2070.1" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2019 (GDR)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.0.0", + "version_value": "15.0.2130.3" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13.0.0", + "version_value": "13.0.6455.2" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13.0.0", + "version_value": "13.0.7050.2" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2017 (CU 31)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "14.0.0", + "version_value": "14.0.3485.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49015", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49015" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/49xxx/CVE-2024-49016.json b/2024/49xxx/CVE-2024-49016.json index 4119dc3f2b3..7cd406e2b25 100644 --- a/2024/49xxx/CVE-2024-49016.json +++ b/2024/49xxx/CVE-2024-49016.json @@ -1,17 +1,134 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49016", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Server Native Client Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft SQL Server 2017 (GDR)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "14.0.0", + "version_value": "14.0.2070.1" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2019 (GDR)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.0.0", + "version_value": "15.0.2130.3" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13.0.0", + "version_value": "13.0.6455.2" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13.0.0", + "version_value": "13.0.7050.2" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2017 (CU 31)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "14.0.0", + "version_value": "14.0.3485.1" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2019 (CU 29)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.0.0", + "version_value": "15.0.4410.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49016", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49016" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/49xxx/CVE-2024-49017.json b/2024/49xxx/CVE-2024-49017.json index 1cb6af54292..1824631d709 100644 --- a/2024/49xxx/CVE-2024-49017.json +++ b/2024/49xxx/CVE-2024-49017.json @@ -1,17 +1,134 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49017", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Server Native Client Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft SQL Server 2017 (GDR)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "14.0.0", + "version_value": "14.0.2070.1" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2019 (GDR)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.0.0", + "version_value": "15.0.2130.3" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13.0.0", + "version_value": "13.0.6455.2" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13.0.0", + "version_value": "13.0.7050.2" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2017 (CU 31)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "14.0.0", + "version_value": "14.0.3485.1" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2019 (CU 29)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.0.0", + "version_value": "15.0.4410.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49017", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49017" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/49xxx/CVE-2024-49018.json b/2024/49xxx/CVE-2024-49018.json index af6017ff88d..c2d50833fff 100644 --- a/2024/49xxx/CVE-2024-49018.json +++ b/2024/49xxx/CVE-2024-49018.json @@ -1,17 +1,134 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49018", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Server Native Client Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-197: Numeric Truncation Error", + "cweId": "CWE-197" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft SQL Server 2017 (GDR)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "14.0.0", + "version_value": "14.0.2070.1" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2019 (GDR)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.0.0", + "version_value": "15.0.2130.3" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13.0.0", + "version_value": "13.0.6455.2" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13.0.0", + "version_value": "13.0.7050.2" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2017 (CU 31)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "14.0.0", + "version_value": "14.0.3485.1" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2019 (CU 29)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.0.0", + "version_value": "15.0.4410.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49018", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49018" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/49xxx/CVE-2024-49019.json b/2024/49xxx/CVE-2024-49019.json index ca8ef2a95c5..5e71049b9ae 100644 --- a/2024/49xxx/CVE-2024-49019.json +++ b/2024/49xxx/CVE-2024-49019.json @@ -1,17 +1,266 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49019", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Active Directory Certificate Services Elevation of Privilege Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1390: Weak Authentication", + "cweId": "CWE-1390" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.6532" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.6532" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.20348.2849" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.25398.1251" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.14393.7515" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.14393.7515" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.0", + "version_value": "6.0.6003.22966" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.0", + "version_value": "6.0.6003.22966" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.0", + "version_value": "6.0.6003.22966" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.0", + "version_value": "6.1.7601.27415" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.0", + "version_value": "6.1.7601.27415" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.0", + "version_value": "6.2.9200.25165" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.0", + "version_value": "6.2.9200.25165" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.0", + "version_value": "6.3.9600.22267" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.0", + "version_value": "6.3.9600.22267" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.26100.2314" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.26100.2314" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49019", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49019" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/49xxx/CVE-2024-49021.json b/2024/49xxx/CVE-2024-49021.json index 6ea7dcf8587..a5d7260f881 100644 --- a/2024/49xxx/CVE-2024-49021.json +++ b/2024/49xxx/CVE-2024-49021.json @@ -1,17 +1,158 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49021", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft SQL Server Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft SQL Server 2017 (GDR)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "14.0.0", + "version_value": "14.0.2070.1" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2019 (GDR)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.0.0", + "version_value": "15.0.2130.3" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13.0.0", + "version_value": "13.0.6455.2" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13.0.0", + "version_value": "13.0.7050.2" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2017 (CU 31)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "14.0.0", + "version_value": "14.0.3485.1" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2022 (GDR)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.0.1135.2" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2019 (CU 29)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.0.0", + "version_value": "15.0.4410.1" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2022 for (CU 15)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.0.4155.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49021", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49021" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/49xxx/CVE-2024-49026.json b/2024/49xxx/CVE-2024-49026.json index 79585ba7bc9..87af0eb5425 100644 --- a/2024/49xxx/CVE-2024-49026.json +++ b/2024/49xxx/CVE-2024-49026.json @@ -1,17 +1,134 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49026", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft Excel Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", + "cweId": "CWE-77" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Office 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "19.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office Online Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "16.0.10416.20007" + } + ] + } + }, + { + "product_name": "Microsoft 365 Apps for Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2024", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Excel 2016 Click-to-Run (C2R)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.0.5474.1001" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49026", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49026" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/49xxx/CVE-2024-49027.json b/2024/49xxx/CVE-2024-49027.json index 33f3ce62daf..98eb9148181 100644 --- a/2024/49xxx/CVE-2024-49027.json +++ b/2024/49xxx/CVE-2024-49027.json @@ -1,17 +1,146 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49027", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft Excel Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Office 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "19.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft 365 Apps for Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC for Mac 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "16.91.24111020" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2024", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC for Mac 2024", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "16.91.24111020" + } + ] + } + }, + { + "product_name": "Microsoft Excel 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0.0", + "version_value": "16.0.5474.1001" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49027", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49027" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/49xxx/CVE-2024-49028.json b/2024/49xxx/CVE-2024-49028.json index 971110e664e..7c230995d4b 100644 --- a/2024/49xxx/CVE-2024-49028.json +++ b/2024/49xxx/CVE-2024-49028.json @@ -1,17 +1,146 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49028", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft Excel Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Office LTSC for Mac 2024", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "16.91.24111020" + } + ] + } + }, + { + "product_name": "Microsoft Office 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "19.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft 365 Apps for Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC for Mac 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "16.91.24111020" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2024", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Excel 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0.0", + "version_value": "16.0.5474.1001" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49028", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49028" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/49xxx/CVE-2024-49029.json b/2024/49xxx/CVE-2024-49029.json index 9faf1cd31f8..d7866f63bdf 100644 --- a/2024/49xxx/CVE-2024-49029.json +++ b/2024/49xxx/CVE-2024-49029.json @@ -1,17 +1,146 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49029", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft Excel Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-908: Use of Uninitialized Resource", + "cweId": "CWE-908" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Office LTSC for Mac 2024", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "16.91.24111020" + } + ] + } + }, + { + "product_name": "Microsoft Office 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "19.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft 365 Apps for Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC for Mac 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "16.91.24111020" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2024", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Excel 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0.0", + "version_value": "16.0.5474.1001" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49029", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49029" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/49xxx/CVE-2024-49030.json b/2024/49xxx/CVE-2024-49030.json index 902bdd05935..0f0c0b091c6 100644 --- a/2024/49xxx/CVE-2024-49030.json +++ b/2024/49xxx/CVE-2024-49030.json @@ -1,17 +1,146 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49030", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft Excel Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Office LTSC for Mac 2024", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "16.91.24111020" + } + ] + } + }, + { + "product_name": "Microsoft Office 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "19.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft 365 Apps for Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC for Mac 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "16.91.24111020" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2024", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Excel 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0.0", + "version_value": "16.0.5474.1001" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49030", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49030" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/49xxx/CVE-2024-49031.json b/2024/49xxx/CVE-2024-49031.json index 898afc01418..01838419365 100644 --- a/2024/49xxx/CVE-2024-49031.json +++ b/2024/49xxx/CVE-2024-49031.json @@ -1,17 +1,146 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49031", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft Office Graphics Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-126: Buffer Over-read", + "cweId": "CWE-126" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Office LTSC for Mac 2024", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "16.91.24111020" + } + ] + } + }, + { + "product_name": "Microsoft Office 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "19.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft 365 Apps for Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC for Mac 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "16.91.24111020" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2024", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.0.5474.1000" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49031", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49031" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/49xxx/CVE-2024-49032.json b/2024/49xxx/CVE-2024-49032.json index 5412b41743d..11e5b40fbdf 100644 --- a/2024/49xxx/CVE-2024-49032.json +++ b/2024/49xxx/CVE-2024-49032.json @@ -1,17 +1,146 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49032", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft Office Graphics Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Office LTSC for Mac 2024", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "16.91.24111020" + } + ] + } + }, + { + "product_name": "Microsoft Office 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "19.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft 365 Apps for Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC for Mac 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "16.91.24111020" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2024", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.0.5474.1000" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49032", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49032" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/49xxx/CVE-2024-49033.json b/2024/49xxx/CVE-2024-49033.json index 8b3e30c961d..1f0f5fb1eb2 100644 --- a/2024/49xxx/CVE-2024-49033.json +++ b/2024/49xxx/CVE-2024-49033.json @@ -1,17 +1,146 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49033", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft Word Security Feature Bypass Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Office LTSC for Mac 2024", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "16.91.24111020" + } + ] + } + }, + { + "product_name": "Microsoft Office 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "19.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft 365 Apps for Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC for Mac 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "16.91.24111020" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2024", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Word 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "16.0.5474.1000" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49033", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49033" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/49xxx/CVE-2024-49039.json b/2024/49xxx/CVE-2024-49039.json index 49ab1d337b5..bff5e313474 100644 --- a/2024/49xxx/CVE-2024-49039.json +++ b/2024/49xxx/CVE-2024-49039.json @@ -1,17 +1,266 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49039", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Windows Task Scheduler Elevation of Privilege Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.26100.2314" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.26100.2314" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.6532" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.6532" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.6532" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.20348.2849" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19044.5131" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22621.4460" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19045.5131" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.4460" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.4460" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.25398.1251" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.26100.2314" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.10240.20826" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.14393.7515" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.14393.7515" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.14393.7515" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49039", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49039" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C" } ] } diff --git a/2024/49xxx/CVE-2024-49040.json b/2024/49xxx/CVE-2024-49040.json index 06d1caba3b2..b14d202ed26 100644 --- a/2024/49xxx/CVE-2024-49040.json +++ b/2024/49xxx/CVE-2024-49040.json @@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49040", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft Exchange Server Spoofing Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-451: User Interface (UI) Misrepresentation of Critical Information", + "cweId": "CWE-451" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 13", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.02.0", + "version_value": "15.02.1258.038" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 14", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.02.0", + "version_value": "15.02.1544.013" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2016 Cumulative Update 23", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.01.0", + "version_value": "15.01.2507.043" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49040", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49040" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C" } ] } diff --git a/2024/49xxx/CVE-2024-49043.json b/2024/49xxx/CVE-2024-49043.json index 6f2d38036c8..09b6f4c4ae7 100644 --- a/2024/49xxx/CVE-2024-49043.json +++ b/2024/49xxx/CVE-2024-49043.json @@ -1,17 +1,158 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49043", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-426: Untrusted Search Path", + "cweId": "CWE-426" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft SQL Server 2017 (GDR)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "14.0.0", + "version_value": "14.0.2070.1" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2019 (GDR)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.0.0", + "version_value": "15.0.2130.3" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13.0.0", + "version_value": "13.0.6455.2" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13.0.0", + "version_value": "13.0.7050.2" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2017 (CU 31)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "14.0.0", + "version_value": "14.0.3485.1" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2022 (GDR)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.0.1135.2" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2019 (CU 29)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.0.0", + "version_value": "15.0.4410.1" + } + ] + } + }, + { + "product_name": "Microsoft SQL Server 2022 for (CU 15)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.0.4155.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49043", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49043" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/49xxx/CVE-2024-49044.json b/2024/49xxx/CVE-2024-49044.json index f27f3c474d8..621fce82508 100644 --- a/2024/49xxx/CVE-2024-49044.json +++ b/2024/49xxx/CVE-2024-49044.json @@ -1,17 +1,110 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49044", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Visual Studio Elevation of Privilege Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Visual Studio 2022 version 17.6", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.6.0", + "version_value": "17.6.21" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2022 version 17.8", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.8.0", + "version_value": "17.8.16" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2022 version 17.10", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.10", + "version_value": "17.10.9" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2022 version 17.11", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.11", + "version_value": "17.11.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49044", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49044" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 6.7, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C" } ] } diff --git a/2024/49xxx/CVE-2024-49046.json b/2024/49xxx/CVE-2024-49046.json index de03f1eedf6..759bf526fa5 100644 --- a/2024/49xxx/CVE-2024-49046.json +++ b/2024/49xxx/CVE-2024-49046.json @@ -1,17 +1,374 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49046", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition", + "cweId": "CWE-367" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.6532" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.6532" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.6532" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.20348.2849" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19044.5131" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22621.4460" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19045.5131" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.26100.2314" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.4460" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.4460" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.25398.1251" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.26100.2314" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.26100.2314" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.10240.20826" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.14393.7515" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.14393.7515" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.14393.7515" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.0", + "version_value": "6.0.6003.22966" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.0", + "version_value": "6.0.6003.22966" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.0", + "version_value": "6.0.6003.22966" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.0", + "version_value": "6.1.7601.27415" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.0", + "version_value": "6.1.7601.27415" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.0", + "version_value": "6.2.9200.25165" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.0", + "version_value": "6.2.9200.25165" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.0", + "version_value": "6.3.9600.22267" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.0", + "version_value": "6.3.9600.22267" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49046", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49046" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/49xxx/CVE-2024-49048.json b/2024/49xxx/CVE-2024-49048.json index 4f4144a4bb9..bb2a46633cd 100644 --- a/2024/49xxx/CVE-2024-49048.json +++ b/2024/49xxx/CVE-2024-49048.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49048", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TorchGeo Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft TorchGeo", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "0.6.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49048", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49048" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.1, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/49xxx/CVE-2024-49049.json b/2024/49xxx/CVE-2024-49049.json index 1517db3144e..b332549f193 100644 --- a/2024/49xxx/CVE-2024-49049.json +++ b/2024/49xxx/CVE-2024-49049.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49049", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Visual Studio Code Remote Extension Elevation of Privilege Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Visual Studio Code Remote - SSH Extension", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "0.115.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49049", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49049" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C" } ] } diff --git a/2024/49xxx/CVE-2024-49050.json b/2024/49xxx/CVE-2024-49050.json index f878574f503..a22e3f45e31 100644 --- a/2024/49xxx/CVE-2024-49050.json +++ b/2024/49xxx/CVE-2024-49050.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49050", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Visual Studio Code Python Extension Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-501: Trust boundary violation", + "cweId": "CWE-501" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Python extension for Visual Studio Code", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2020", + "version_value": "2024.18.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49050", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49050" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/49xxx/CVE-2024-49051.json b/2024/49xxx/CVE-2024-49051.json index 9493b8f56b2..0c86a66a364 100644 --- a/2024/49xxx/CVE-2024-49051.json +++ b/2024/49xxx/CVE-2024-49051.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49051", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft PC Manager Elevation of Privilege Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-59: Improper Link Resolution Before File Access ('Link Following')", + "cweId": "CWE-59" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft PC Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "3.14.10.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49051", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49051" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/49xxx/CVE-2024-49056.json b/2024/49xxx/CVE-2024-49056.json index b9f9166a1a3..2b983c69a8e 100644 --- a/2024/49xxx/CVE-2024-49056.json +++ b/2024/49xxx/CVE-2024-49056.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49056", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authentication bypass by assumed-immutable data on airlift.microsoft.com allows an authorized attacker to elevate privileges over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-302: Authentication Bypass by Assumed-Immutable Data", + "cweId": "CWE-302" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "airlift.microsoft.com", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49056", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49056" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C" } ] } diff --git a/2024/8xxx/CVE-2024-8354.json b/2024/8xxx/CVE-2024-8354.json index 9caf967a059..208fa2054a2 100644 --- a/2024/8xxx/CVE-2024-8354.json +++ b/2024/8xxx/CVE-2024-8354.json @@ -135,17 +135,17 @@ "impact": { "cvss": [ { - "attackComplexity": "HIGH", + "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", - "baseScore": 4.7, + "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ]