From 9a3798d4ea111a7946f97f4c2592024b2e8e33e3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 8 Apr 2025 18:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2025/21xxx/CVE-2025-21174.json | 161 +++++++++++++- 2025/21xxx/CVE-2025-21191.json | 364 ++++++++++++++++++++++++++++++- 2025/21xxx/CVE-2025-21197.json | 364 ++++++++++++++++++++++++++++++- 2025/21xxx/CVE-2025-21203.json | 257 +++++++++++++++++++++- 2025/21xxx/CVE-2025-21204.json | 364 ++++++++++++++++++++++++++++++- 2025/21xxx/CVE-2025-21205.json | 364 ++++++++++++++++++++++++++++++- 2025/21xxx/CVE-2025-21221.json | 364 ++++++++++++++++++++++++++++++- 2025/21xxx/CVE-2025-21222.json | 364 ++++++++++++++++++++++++++++++- 2025/24xxx/CVE-2025-24058.json | 209 +++++++++++++++++- 2025/24xxx/CVE-2025-24060.json | 209 +++++++++++++++++- 2025/24xxx/CVE-2025-24062.json | 173 ++++++++++++++- 2025/24xxx/CVE-2025-24073.json | 256 +++++++++++++++++++++- 2025/24xxx/CVE-2025-24074.json | 209 +++++++++++++++++- 2025/25xxx/CVE-2025-25002.json | 65 +++++- 2025/26xxx/CVE-2025-26628.json | 65 +++++- 2025/26xxx/CVE-2025-26635.json | 173 ++++++++++++++- 2025/26xxx/CVE-2025-26637.json | 280 +++++++++++++++++++++++- 2025/26xxx/CVE-2025-26639.json | 178 ++++++++++++++- 2025/26xxx/CVE-2025-26640.json | 202 ++++++++++++++++- 2025/26xxx/CVE-2025-26641.json | 364 ++++++++++++++++++++++++++++++- 2025/26xxx/CVE-2025-26642.json | 200 ++++++++++++++++- 2025/26xxx/CVE-2025-26644.json | 185 +++++++++++++++- 2025/26xxx/CVE-2025-26647.json | 257 +++++++++++++++++++++- 2025/26xxx/CVE-2025-26648.json | 333 +++++++++++++++++++++++++++- 2025/26xxx/CVE-2025-26649.json | 154 ++++++++++++- 2025/26xxx/CVE-2025-26651.json | 149 ++++++++++++- 2025/26xxx/CVE-2025-26652.json | 161 +++++++++++++- 2025/26xxx/CVE-2025-26663.json | 364 ++++++++++++++++++++++++++++++- 2025/26xxx/CVE-2025-26664.json | 257 +++++++++++++++++++++- 2025/26xxx/CVE-2025-26665.json | 364 ++++++++++++++++++++++++++++++- 2025/26xxx/CVE-2025-26666.json | 209 +++++++++++++++++- 2025/26xxx/CVE-2025-26667.json | 257 +++++++++++++++++++++- 2025/26xxx/CVE-2025-26668.json | 364 ++++++++++++++++++++++++++++++- 2025/26xxx/CVE-2025-26669.json | 364 ++++++++++++++++++++++++++++++- 2025/26xxx/CVE-2025-26670.json | 364 ++++++++++++++++++++++++++++++- 2025/26xxx/CVE-2025-26671.json | 226 ++++++++++++++++++- 2025/26xxx/CVE-2025-26672.json | 364 ++++++++++++++++++++++++++++++- 2025/26xxx/CVE-2025-26673.json | 364 ++++++++++++++++++++++++++++++- 2025/26xxx/CVE-2025-26674.json | 209 +++++++++++++++++- 2025/26xxx/CVE-2025-26675.json | 173 ++++++++++++++- 2025/26xxx/CVE-2025-26676.json | 257 +++++++++++++++++++++- 2025/26xxx/CVE-2025-26678.json | 209 +++++++++++++++++- 2025/26xxx/CVE-2025-26679.json | 364 ++++++++++++++++++++++++++++++- 2025/26xxx/CVE-2025-26680.json | 161 +++++++++++++- 2025/26xxx/CVE-2025-26681.json | 173 ++++++++++++++- 2025/26xxx/CVE-2025-26682.json | 125 ++++++++++- 2025/26xxx/CVE-2025-26686.json | 364 ++++++++++++++++++++++++++++++- 2025/26xxx/CVE-2025-26687.json | 388 ++++++++++++++++++++++++++++++++- 2025/26xxx/CVE-2025-26688.json | 304 +++++++++++++++++++++++++- 2025/27xxx/CVE-2025-27467.json | 197 ++++++++++++++++- 2025/27xxx/CVE-2025-27469.json | 364 ++++++++++++++++++++++++++++++- 2025/27xxx/CVE-2025-27470.json | 161 +++++++++++++- 2025/27xxx/CVE-2025-27471.json | 364 ++++++++++++++++++++++++++++++- 2025/27xxx/CVE-2025-27472.json | 112 +++++++++- 2025/27xxx/CVE-2025-27473.json | 364 ++++++++++++++++++++++++++++++- 2025/27xxx/CVE-2025-27474.json | 257 +++++++++++++++++++++- 2025/27xxx/CVE-2025-27475.json | 101 ++++++++- 2025/27xxx/CVE-2025-27476.json | 197 ++++++++++++++++- 2025/27xxx/CVE-2025-27477.json | 364 ++++++++++++++++++++++++++++++- 2025/27xxx/CVE-2025-27478.json | 364 ++++++++++++++++++++++++++++++- 2025/27xxx/CVE-2025-27479.json | 197 ++++++++++++++++- 2025/27xxx/CVE-2025-27480.json | 197 ++++++++++++++++- 2025/27xxx/CVE-2025-27481.json | 364 ++++++++++++++++++++++++++++++- 2025/27xxx/CVE-2025-27482.json | 149 ++++++++++++- 2025/27xxx/CVE-2025-27483.json | 160 +++++++++++++- 2025/27xxx/CVE-2025-27484.json | 364 ++++++++++++++++++++++++++++++- 2025/27xxx/CVE-2025-27485.json | 161 +++++++++++++- 2025/27xxx/CVE-2025-27486.json | 161 +++++++++++++- 2025/27xxx/CVE-2025-27487.json | 352 +++++++++++++++++++++++++++++- 2025/27xxx/CVE-2025-27489.json | 77 ++++++- 2025/27xxx/CVE-2025-27490.json | 178 ++++++++++++++- 2025/27xxx/CVE-2025-27491.json | 256 +++++++++++++++++++++- 2025/27xxx/CVE-2025-27492.json | 154 ++++++++++++- 2025/27xxx/CVE-2025-27727.json | 364 ++++++++++++++++++++++++++++++- 2025/27xxx/CVE-2025-27728.json | 89 +++++++- 2025/27xxx/CVE-2025-27729.json | 149 ++++++++++++- 2025/27xxx/CVE-2025-27730.json | 202 ++++++++++++++++- 2025/27xxx/CVE-2025-27731.json | 209 +++++++++++++++++- 2025/27xxx/CVE-2025-27732.json | 364 ++++++++++++++++++++++++++++++- 2025/27xxx/CVE-2025-27733.json | 244 ++++++++++++++++++++- 2025/27xxx/CVE-2025-27735.json | 256 +++++++++++++++++++++- 2025/27xxx/CVE-2025-27736.json | 245 ++++++++++++++++++++- 2025/27xxx/CVE-2025-27737.json | 364 ++++++++++++++++++++++++++++++- 2025/27xxx/CVE-2025-27738.json | 304 +++++++++++++++++++++++++- 2025/27xxx/CVE-2025-27739.json | 209 +++++++++++++++++- 2025/27xxx/CVE-2025-27740.json | 257 +++++++++++++++++++++- 2025/27xxx/CVE-2025-27741.json | 244 ++++++++++++++++++++- 2025/27xxx/CVE-2025-27742.json | 364 ++++++++++++++++++++++++++++++- 2025/27xxx/CVE-2025-27743.json | 218 +++++++++++++++++- 2025/27xxx/CVE-2025-27744.json | 65 +++++- 2025/27xxx/CVE-2025-27745.json | 135 +++++++++++- 2025/27xxx/CVE-2025-27746.json | 159 +++++++++++++- 2025/27xxx/CVE-2025-27747.json | 159 +++++++++++++- 2025/27xxx/CVE-2025-27748.json | 135 +++++++++++- 2025/27xxx/CVE-2025-27749.json | 135 +++++++++++- 2025/27xxx/CVE-2025-27750.json | 135 +++++++++++- 96 files changed, 22884 insertions(+), 384 deletions(-) diff --git a/2025/21xxx/CVE-2025-21174.json b/2025/21xxx/CVE-2025-21174.json index 8691ed77764..2f570d618ba 100644 --- a/2025/21xxx/CVE-2025-21174.json +++ b/2025/21xxx/CVE-2025-21174.json @@ -1,17 +1,170 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21174", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21174", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21174" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/21xxx/CVE-2025-21191.json b/2025/21xxx/CVE-2025-21191.json index 750595db4e9..6073ab77efb 100644 --- a/2025/21xxx/CVE-2025-21191.json +++ b/2025/21xxx/CVE-2025-21191.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21191", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition", + "cweId": "CWE-367" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21191", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21191" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7, + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/21xxx/CVE-2025-21197.json b/2025/21xxx/CVE-2025-21197.json index ef13e7854b1..53ce6060b02 100644 --- a/2025/21xxx/CVE-2025-21197.json +++ b/2025/21xxx/CVE-2025-21197.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21197", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21197", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21197" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C" } ] } diff --git a/2025/21xxx/CVE-2025-21203.json b/2025/21xxx/CVE-2025-21203.json index 5c81905acf0..a7f23025b51 100644 --- a/2025/21xxx/CVE-2025-21203.json +++ b/2025/21xxx/CVE-2025-21203.json @@ -1,17 +1,266 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21203", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-126: Buffer Over-read", + "cweId": "CWE-126" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21203", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21203" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C" } ] } diff --git a/2025/21xxx/CVE-2025-21204.json b/2025/21xxx/CVE-2025-21204.json index 8ba7f2c9f88..fcc0b67a90a 100644 --- a/2025/21xxx/CVE-2025-21204.json +++ b/2025/21xxx/CVE-2025-21204.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21204", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-59: Improper Link Resolution Before File Access ('Link Following')", + "cweId": "CWE-59" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21204", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21204" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/21xxx/CVE-2025-21205.json b/2025/21xxx/CVE-2025-21205.json index 394c7d608a7..5e520550d2b 100644 --- a/2025/21xxx/CVE-2025-21205.json +++ b/2025/21xxx/CVE-2025-21205.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21205", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21205", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21205" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/21xxx/CVE-2025-21221.json b/2025/21xxx/CVE-2025-21221.json index b97c0dc990d..e35a8b0f9b6 100644 --- a/2025/21xxx/CVE-2025-21221.json +++ b/2025/21xxx/CVE-2025-21221.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21221", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21221", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21221" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/21xxx/CVE-2025-21222.json b/2025/21xxx/CVE-2025-21222.json index ac3e4888858..ec339b58492 100644 --- a/2025/21xxx/CVE-2025-21222.json +++ b/2025/21xxx/CVE-2025-21222.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21222", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21222", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21222" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/24xxx/CVE-2025-24058.json b/2025/24xxx/CVE-2025-24058.json index 4f66263dc9d..9aada4a320d 100644 --- a/2025/24xxx/CVE-2025-24058.json +++ b/2025/24xxx/CVE-2025-24058.json @@ -1,17 +1,218 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24058", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24058", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24058" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/24xxx/CVE-2025-24060.json b/2025/24xxx/CVE-2025-24060.json index 9d56dcc895d..0f903b84078 100644 --- a/2025/24xxx/CVE-2025-24060.json +++ b/2025/24xxx/CVE-2025-24060.json @@ -1,17 +1,218 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24060", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24060", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24060" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/24xxx/CVE-2025-24062.json b/2025/24xxx/CVE-2025-24062.json index 81494899f61..558af3b53fc 100644 --- a/2025/24xxx/CVE-2025-24062.json +++ b/2025/24xxx/CVE-2025-24062.json @@ -1,17 +1,182 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24062", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24062", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24062" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/24xxx/CVE-2025-24073.json b/2025/24xxx/CVE-2025-24073.json index 5682b81c580..5d4e0b66578 100644 --- a/2025/24xxx/CVE-2025-24073.json +++ b/2025/24xxx/CVE-2025-24073.json @@ -1,17 +1,265 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24073", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24073", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24073" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/24xxx/CVE-2025-24074.json b/2025/24xxx/CVE-2025-24074.json index b2aa3cbabb2..33100deb526 100644 --- a/2025/24xxx/CVE-2025-24074.json +++ b/2025/24xxx/CVE-2025-24074.json @@ -1,17 +1,218 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24074", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24074", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24074" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/25xxx/CVE-2025-25002.json b/2025/25xxx/CVE-2025-25002.json index 3b0cc56cb3f..52395f679d1 100644 --- a/2025/25xxx/CVE-2025-25002.json +++ b/2025/25xxx/CVE-2025-25002.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-25002", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-532: Insertion of Sensitive Information into Log File", + "cweId": "CWE-532" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Azure Local Cluster", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "2411.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25002", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25002" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 6.8, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26628.json b/2025/26xxx/CVE-2025-26628.json index 07496c00548..202591340e7 100644 --- a/2025/26xxx/CVE-2025-26628.json +++ b/2025/26xxx/CVE-2025-26628.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26628", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to disclose information locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-522: Insufficiently Protected Credentials", + "cweId": "CWE-522" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Azure Local Cluster", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "2411.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26628", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26628" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26635.json b/2025/26xxx/CVE-2025-26635.json index ddb7e018bb9..73be8bed23b 100644 --- a/2025/26xxx/CVE-2025-26635.json +++ b/2025/26xxx/CVE-2025-26635.json @@ -1,17 +1,182 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26635", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1390: Weak Authentication", + "cweId": "CWE-1390" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26635", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26635" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26637.json b/2025/26xxx/CVE-2025-26637.json index c484499ba94..00db4e34338 100644 --- a/2025/26xxx/CVE-2025-26637.json +++ b/2025/26xxx/CVE-2025-26637.json @@ -1,17 +1,289 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26637", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-693: Protection Mechanism Failure", + "cweId": "CWE-693" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26637", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26637" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 6.8, + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26639.json b/2025/26xxx/CVE-2025-26639.json index e2a66f8cf36..b3dd3f61627 100644 --- a/2025/26xxx/CVE-2025-26639.json +++ b/2025/26xxx/CVE-2025-26639.json @@ -1,17 +1,187 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26639", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190: Integer Overflow or Wraparound", + "cweId": "CWE-190" + }, + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26639", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26639" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26640.json b/2025/26xxx/CVE-2025-26640.json index 32eba38bbae..5c2fc000b81 100644 --- a/2025/26xxx/CVE-2025-26640.json +++ b/2025/26xxx/CVE-2025-26640.json @@ -1,17 +1,211 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26640", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + }, + { + "lang": "eng", + "value": "CWE-415: Double Free", + "cweId": "CWE-415" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26640", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26640" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7, + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26641.json b/2025/26xxx/CVE-2025-26641.json index baef068aca3..721424936c2 100644 --- a/2025/26xxx/CVE-2025-26641.json +++ b/2025/26xxx/CVE-2025-26641.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26641", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26641", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26641" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26642.json b/2025/26xxx/CVE-2025-26642.json index 5f33dbe0c5c..b96850d80b1 100644 --- a/2025/26xxx/CVE-2025-26642.json +++ b/2025/26xxx/CVE-2025-26642.json @@ -1,17 +1,209 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26642", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + }, + { + "lang": "eng", + "value": "CWE-190: Integer Overflow or Wraparound", + "cweId": "CWE-190" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Office Online Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "16.0.10417.20003" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.0.10417.20003" + } + ] + } + }, + { + "product_name": "Microsoft Office 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "19.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft 365 Apps for Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC for Mac 2021", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2024", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC for Mac 2024", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Microsoft Excel 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0.0", + "version_value": "16.0.5495.1000" + } + ] + } + }, + { + "product_name": "Microsoft Office 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.0.5495.1000" + } + ] + } + }, + { + "product_name": "Microsoft Access 2016 (32-bit edition)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.0.5495.1000" + } + ] + } + }, + { + "product_name": "Microsoft Access 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.0.5495.1000" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26642", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26642" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26644.json b/2025/26xxx/CVE-2025-26644.json index ceaac1e5dce..0f2ef5c2ac0 100644 --- a/2025/26xxx/CVE-2025-26644.json +++ b/2025/26xxx/CVE-2025-26644.json @@ -1,17 +1,194 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26644", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello allows an unauthorized attacker to perform spoofing locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1039: Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations", + "cweId": "CWE-1039" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26644", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26644" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 5.1, + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26647.json b/2025/26xxx/CVE-2025-26647.json index 37b5a93e1f9..7d25b848d4a 100644 --- a/2025/26xxx/CVE-2025-26647.json +++ b/2025/26xxx/CVE-2025-26647.json @@ -1,17 +1,266 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26647", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26647", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26647" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.1, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26648.json b/2025/26xxx/CVE-2025-26648.json index f2b94def665..b1491a00cb1 100644 --- a/2025/26xxx/CVE-2025-26648.json +++ b/2025/26xxx/CVE-2025-26648.json @@ -1,17 +1,342 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26648", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-591: Sensitive Data Storage in Improperly Locked Memory", + "cweId": "CWE-591" + }, + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26648", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26648" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26649.json b/2025/26xxx/CVE-2025-26649.json index 27bce512b07..113eafbad57 100644 --- a/2025/26xxx/CVE-2025-26649.json +++ b/2025/26xxx/CVE-2025-26649.json @@ -1,17 +1,163 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26649", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + "cweId": "CWE-362" + }, + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26649", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26649" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7, + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26651.json b/2025/26xxx/CVE-2025-26651.json index a7f5fc858b0..e8fd8ae8d42 100644 --- a/2025/26xxx/CVE-2025-26651.json +++ b/2025/26xxx/CVE-2025-26651.json @@ -1,17 +1,158 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26651", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exposed dangerous method or function in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-749: Exposed Dangerous Method or Function", + "cweId": "CWE-749" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26651", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26651" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26652.json b/2025/26xxx/CVE-2025-26652.json index 182afca317a..90e09f755c5 100644 --- a/2025/26xxx/CVE-2025-26652.json +++ b/2025/26xxx/CVE-2025-26652.json @@ -1,17 +1,170 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26652", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26652", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26652" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26663.json b/2025/26xxx/CVE-2025-26663.json index e786da5a590..0b69e0a6f96 100644 --- a/2025/26xxx/CVE-2025-26663.json +++ b/2025/26xxx/CVE-2025-26663.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26663", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26663", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26663" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.1, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26664.json b/2025/26xxx/CVE-2025-26664.json index 791229030c0..d39addd8d2b 100644 --- a/2025/26xxx/CVE-2025-26664.json +++ b/2025/26xxx/CVE-2025-26664.json @@ -1,17 +1,266 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26664", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-126: Buffer Over-read", + "cweId": "CWE-126" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26664", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26664" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26665.json b/2025/26xxx/CVE-2025-26665.json index 6261a140144..75e1af11e63 100644 --- a/2025/26xxx/CVE-2025-26665.json +++ b/2025/26xxx/CVE-2025-26665.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26665", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-591: Sensitive Data Storage in Improperly Locked Memory", + "cweId": "CWE-591" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26665", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26665" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7, + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26666.json b/2025/26xxx/CVE-2025-26666.json index 2d3e6c1458d..a6ec659778f 100644 --- a/2025/26xxx/CVE-2025-26666.json +++ b/2025/26xxx/CVE-2025-26666.json @@ -1,17 +1,218 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26666", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26666", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26666" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26667.json b/2025/26xxx/CVE-2025-26667.json index 3dd43ce66e3..2e855ff6012 100644 --- a/2025/26xxx/CVE-2025-26667.json +++ b/2025/26xxx/CVE-2025-26667.json @@ -1,17 +1,266 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26667", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26667", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26667" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26668.json b/2025/26xxx/CVE-2025-26668.json index 986cd81dd2f..2d0235090bc 100644 --- a/2025/26xxx/CVE-2025-26668.json +++ b/2025/26xxx/CVE-2025-26668.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26668", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26668", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26668" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26669.json b/2025/26xxx/CVE-2025-26669.json index 1abfb2fbd80..77a6514b282 100644 --- a/2025/26xxx/CVE-2025-26669.json +++ b/2025/26xxx/CVE-2025-26669.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26669", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26669", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26669" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26670.json b/2025/26xxx/CVE-2025-26670.json index 3ade35ebf76..32626f4b194 100644 --- a/2025/26xxx/CVE-2025-26670.json +++ b/2025/26xxx/CVE-2025-26670.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26670", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26670", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26670" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.1, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26671.json b/2025/26xxx/CVE-2025-26671.json index 3b9218cd36e..09f74b2ae94 100644 --- a/2025/26xxx/CVE-2025-26671.json +++ b/2025/26xxx/CVE-2025-26671.json @@ -1,17 +1,235 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26671", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + }, + { + "lang": "eng", + "value": "CWE-591: Sensitive Data Storage in Improperly Locked Memory", + "cweId": "CWE-591" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26671", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26671" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.1, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26672.json b/2025/26xxx/CVE-2025-26672.json index a12a3123de0..b1913fa4342 100644 --- a/2025/26xxx/CVE-2025-26672.json +++ b/2025/26xxx/CVE-2025-26672.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26672", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-126: Buffer Over-read", + "cweId": "CWE-126" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26672", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26672" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26673.json b/2025/26xxx/CVE-2025-26673.json index 557791e5bb5..fd2846faed5 100644 --- a/2025/26xxx/CVE-2025-26673.json +++ b/2025/26xxx/CVE-2025-26673.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26673", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26673", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26673" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26674.json b/2025/26xxx/CVE-2025-26674.json index e10b2173435..322c481b4c6 100644 --- a/2025/26xxx/CVE-2025-26674.json +++ b/2025/26xxx/CVE-2025-26674.json @@ -1,17 +1,218 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26674", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26674", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26674" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26675.json b/2025/26xxx/CVE-2025-26675.json index 8fd8e63da02..2eca1f7a024 100644 --- a/2025/26xxx/CVE-2025-26675.json +++ b/2025/26xxx/CVE-2025-26675.json @@ -1,17 +1,182 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26675", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26675", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26675" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26676.json b/2025/26xxx/CVE-2025-26676.json index 323ab73019b..df14b04e892 100644 --- a/2025/26xxx/CVE-2025-26676.json +++ b/2025/26xxx/CVE-2025-26676.json @@ -1,17 +1,266 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26676", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-126: Buffer Over-read", + "cweId": "CWE-126" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26676", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26676" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26678.json b/2025/26xxx/CVE-2025-26678.json index f3b2a350a3f..a19583fbb87 100644 --- a/2025/26xxx/CVE-2025-26678.json +++ b/2025/26xxx/CVE-2025-26678.json @@ -1,17 +1,218 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26678", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26678", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26678" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.4, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26679.json b/2025/26xxx/CVE-2025-26679.json index dbc5a6901ef..de9a034c663 100644 --- a/2025/26xxx/CVE-2025-26679.json +++ b/2025/26xxx/CVE-2025-26679.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26679", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in RPC Endpoint Mapper Service allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26679", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26679" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26680.json b/2025/26xxx/CVE-2025-26680.json index d16b6f8fd53..5fc1b1ef4bd 100644 --- a/2025/26xxx/CVE-2025-26680.json +++ b/2025/26xxx/CVE-2025-26680.json @@ -1,17 +1,170 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26680", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26680", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26680" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26681.json b/2025/26xxx/CVE-2025-26681.json index 296a64c4a4b..907ab2e2b82 100644 --- a/2025/26xxx/CVE-2025-26681.json +++ b/2025/26xxx/CVE-2025-26681.json @@ -1,17 +1,182 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26681", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26681", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26681" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 6.7, + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26682.json b/2025/26xxx/CVE-2025-26682.json index 4d91121a28b..bbc2d6f7225 100644 --- a/2025/26xxx/CVE-2025-26682.json +++ b/2025/26xxx/CVE-2025-26682.json @@ -1,17 +1,134 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26682", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-770: Allocation of Resources Without Limits or Throttling", + "cweId": "CWE-770" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "ASP.NET Core 8.0", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "8.0.16" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2022 version 17.12", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.0", + "version_value": "17.12.7" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2022 version 17.13", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.10", + "version_value": "17.13.6" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2022 version 17.8", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.8.0", + "version_value": "17.8.20" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2022 version 17.10", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.10", + "version_value": "17.10.13" + } + ] + } + }, + { + "product_name": "ASP.NET Core 9.0", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "9.0.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26682", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26682" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26686.json b/2025/26xxx/CVE-2025-26686.json index 606915a0b1a..444c789296c 100644 --- a/2025/26xxx/CVE-2025-26686.json +++ b/2025/26xxx/CVE-2025-26686.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26686", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-591: Sensitive Data Storage in Improperly Locked Memory", + "cweId": "CWE-591" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26686", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26686" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26687.json b/2025/26xxx/CVE-2025-26687.json index 242199bac9a..b6f2d21c136 100644 --- a/2025/26xxx/CVE-2025-26687.json +++ b/2025/26xxx/CVE-2025-26687.json @@ -1,17 +1,397 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26687", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Microsoft Office for Android", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "16.0.18730.20000" + } + ] + } + }, + { + "product_name": "Microsoft Office for Universal", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "16.0.14326.22331" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26687", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26687" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/26xxx/CVE-2025-26688.json b/2025/26xxx/CVE-2025-26688.json index cebe8b65544..538bd855c95 100644 --- a/2025/26xxx/CVE-2025-26688.json +++ b/2025/26xxx/CVE-2025-26688.json @@ -1,17 +1,313 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26688", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stack-based buffer overflow in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26688", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26688" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27467.json b/2025/27xxx/CVE-2025-27467.json index 8488fcbb607..d5c0d962128 100644 --- a/2025/27xxx/CVE-2025-27467.json +++ b/2025/27xxx/CVE-2025-27467.json @@ -1,17 +1,206 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27467", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27467", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27467" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27469.json b/2025/27xxx/CVE-2025-27469.json index bc1097d5bc4..fe2792017a2 100644 --- a/2025/27xxx/CVE-2025-27469.json +++ b/2025/27xxx/CVE-2025-27469.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27469", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27469", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27469" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27470.json b/2025/27xxx/CVE-2025-27470.json index a58d317e04d..802c19f447c 100644 --- a/2025/27xxx/CVE-2025-27470.json +++ b/2025/27xxx/CVE-2025-27470.json @@ -1,17 +1,170 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27470", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27470", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27470" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27471.json b/2025/27xxx/CVE-2025-27471.json index c1bb9c59fba..052ea3698b6 100644 --- a/2025/27xxx/CVE-2025-27471.json +++ b/2025/27xxx/CVE-2025-27471.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27471", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthorized attacker to deny service over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-591: Sensitive Data Storage in Improperly Locked Memory", + "cweId": "CWE-591" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27471", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27471" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 5.9, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27472.json b/2025/27xxx/CVE-2025-27472.json index dcca5fefee3..4b336ceeb5b 100644 --- a/2025/27xxx/CVE-2025-27472.json +++ b/2025/27xxx/CVE-2025-27472.json @@ -1,17 +1,121 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27472", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-693: Protection Mechanism Failure", + "cweId": "CWE-693" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27472", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27472" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 5.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27473.json b/2025/27xxx/CVE-2025-27473.json index d97c763d5b3..d04e31358aa 100644 --- a/2025/27xxx/CVE-2025-27473.json +++ b/2025/27xxx/CVE-2025-27473.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27473", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27473", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27473" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27474.json b/2025/27xxx/CVE-2025-27474.json index 8578afdc5e8..a4d1326f3f6 100644 --- a/2025/27xxx/CVE-2025-27474.json +++ b/2025/27xxx/CVE-2025-27474.json @@ -1,17 +1,266 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27474", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-908: Use of Uninitialized Resource", + "cweId": "CWE-908" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27474", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27474" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27475.json b/2025/27xxx/CVE-2025-27475.json index b4ecda52ea1..bc4cbc4a04f 100644 --- a/2025/27xxx/CVE-2025-27475.json +++ b/2025/27xxx/CVE-2025-27475.json @@ -1,17 +1,110 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27475", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sensitive data storage in improperly locked memory in Windows Update Stack allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-591: Sensitive Data Storage in Improperly Locked Memory", + "cweId": "CWE-591" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27475", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27475" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7, + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27476.json b/2025/27xxx/CVE-2025-27476.json index bd38e49e17b..969d2673501 100644 --- a/2025/27xxx/CVE-2025-27476.json +++ b/2025/27xxx/CVE-2025-27476.json @@ -1,17 +1,206 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27476", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27476", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27476" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27477.json b/2025/27xxx/CVE-2025-27477.json index 22b8e8e5b32..2a4e4260003 100644 --- a/2025/27xxx/CVE-2025-27477.json +++ b/2025/27xxx/CVE-2025-27477.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27477", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27477", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27477" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27478.json b/2025/27xxx/CVE-2025-27478.json index 74dd2220621..51ff4a0648f 100644 --- a/2025/27xxx/CVE-2025-27478.json +++ b/2025/27xxx/CVE-2025-27478.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27478", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Heap-based buffer overflow in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27478", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27478" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7, + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27479.json b/2025/27xxx/CVE-2025-27479.json index 22266d4eec0..b1b303dd154 100644 --- a/2025/27xxx/CVE-2025-27479.json +++ b/2025/27xxx/CVE-2025-27479.json @@ -1,17 +1,206 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27479", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient resource pool in Windows Kerberos allows an unauthorized attacker to deny service over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-410: Insufficient Resource Pool", + "cweId": "CWE-410" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27479", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27479" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27480.json b/2025/27xxx/CVE-2025-27480.json index 0ee029f14f4..2ef5e26fdab 100644 --- a/2025/27xxx/CVE-2025-27480.json +++ b/2025/27xxx/CVE-2025-27480.json @@ -1,17 +1,206 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27480", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27480", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27480" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.1, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27481.json b/2025/27xxx/CVE-2025-27481.json index 37f76a844f9..0dbcff84307 100644 --- a/2025/27xxx/CVE-2025-27481.json +++ b/2025/27xxx/CVE-2025-27481.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27481", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27481", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27481" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27482.json b/2025/27xxx/CVE-2025-27482.json index d03976d1543..b75d486fad3 100644 --- a/2025/27xxx/CVE-2025-27482.json +++ b/2025/27xxx/CVE-2025-27482.json @@ -1,17 +1,158 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27482", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-591: Sensitive Data Storage in Improperly Locked Memory", + "cweId": "CWE-591" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27482", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27482" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.1, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27483.json b/2025/27xxx/CVE-2025-27483.json index 041f1d8a25b..99486f23799 100644 --- a/2025/27xxx/CVE-2025-27483.json +++ b/2025/27xxx/CVE-2025-27483.json @@ -1,17 +1,169 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27483", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27483", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27484.json b/2025/27xxx/CVE-2025-27484.json index e5a175d46b1..67413389643 100644 --- a/2025/27xxx/CVE-2025-27484.json +++ b/2025/27xxx/CVE-2025-27484.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27484", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-591: Sensitive Data Storage in Improperly Locked Memory", + "cweId": "CWE-591" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27484", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27484" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27485.json b/2025/27xxx/CVE-2025-27485.json index 20f788d6138..1a178ed849a 100644 --- a/2025/27xxx/CVE-2025-27485.json +++ b/2025/27xxx/CVE-2025-27485.json @@ -1,17 +1,170 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27485", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27485", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27485" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27486.json b/2025/27xxx/CVE-2025-27486.json index b39914e54e8..34e00915170 100644 --- a/2025/27xxx/CVE-2025-27486.json +++ b/2025/27xxx/CVE-2025-27486.json @@ -1,17 +1,170 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27486", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27486", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27486" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27487.json b/2025/27xxx/CVE-2025-27487.json index 17591f80cef..06ace056197 100644 --- a/2025/27xxx/CVE-2025-27487.json +++ b/2025/27xxx/CVE-2025-27487.json @@ -1,17 +1,361 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27487", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows App Client for Windows Desktop", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.00", + "version_value": "2.0.379.0" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Remote Desktop client for Windows Desktop", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.2.0.0", + "version_value": "1.2.6081.0" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27487", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27487" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27489.json b/2025/27xxx/CVE-2025-27489.json index f214172f51b..55a9b52aaa3 100644 --- a/2025/27xxx/CVE-2025-27489.json +++ b/2025/27xxx/CVE-2025-27489.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27489", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in Azure Local allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Azure Stack OS HCI", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20349.0", + "version_value": "10.0.20348.3328" + } + ] + } + }, + { + "product_name": "Azure Stack HCI OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1486" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27489", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27489" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27490.json b/2025/27xxx/CVE-2025-27490.json index aed70af50a5..a2d375d0215 100644 --- a/2025/27xxx/CVE-2025-27490.json +++ b/2025/27xxx/CVE-2025-27490.json @@ -1,17 +1,187 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27490", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + }, + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27490", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27490" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27491.json b/2025/27xxx/CVE-2025-27491.json index 546fc19c54b..e38068b7d2c 100644 --- a/2025/27xxx/CVE-2025-27491.json +++ b/2025/27xxx/CVE-2025-27491.json @@ -1,17 +1,265 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27491", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Windows Hyper-V allows an authorized attacker to execute code over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27491", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27491" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27492.json b/2025/27xxx/CVE-2025-27492.json index 699463d9e41..331f26cb54c 100644 --- a/2025/27xxx/CVE-2025-27492.json +++ b/2025/27xxx/CVE-2025-27492.json @@ -1,17 +1,163 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27492", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + "cweId": "CWE-362" + }, + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27492", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27492" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7, + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27727.json b/2025/27xxx/CVE-2025-27727.json index 91cb4b54aa6..a1fa8331b8d 100644 --- a/2025/27xxx/CVE-2025-27727.json +++ b/2025/27xxx/CVE-2025-27727.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27727", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-59: Improper Link Resolution Before File Access ('Link Following')", + "cweId": "CWE-59" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27727", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27727" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27728.json b/2025/27xxx/CVE-2025-27728.json index 81e75b6b319..a0e31e83c2d 100644 --- a/2025/27xxx/CVE-2025-27728.json +++ b/2025/27xxx/CVE-2025-27728.json @@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27728", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds read in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27728", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27728" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27729.json b/2025/27xxx/CVE-2025-27729.json index d5831120270..0cf885a620f 100644 --- a/2025/27xxx/CVE-2025-27729.json +++ b/2025/27xxx/CVE-2025-27729.json @@ -1,17 +1,158 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27729", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Windows Shell allows an unauthorized attacker to execute code locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27729", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27729" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27730.json b/2025/27xxx/CVE-2025-27730.json index 262257e9136..a999f163d71 100644 --- a/2025/27xxx/CVE-2025-27730.json +++ b/2025/27xxx/CVE-2025-27730.json @@ -1,17 +1,211 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27730", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + }, + { + "lang": "eng", + "value": "CWE-415: Double Free", + "cweId": "CWE-415" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27730", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27730" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27731.json b/2025/27xxx/CVE-2025-27731.json index a00866cd25f..ca91f661db6 100644 --- a/2025/27xxx/CVE-2025-27731.json +++ b/2025/27xxx/CVE-2025-27731.json @@ -1,17 +1,218 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27731", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in OpenSSH for Windows allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27731", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27731" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27732.json b/2025/27xxx/CVE-2025-27732.json index 3661d302a6b..c6225c42dcf 100644 --- a/2025/27xxx/CVE-2025-27732.json +++ b/2025/27xxx/CVE-2025-27732.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27732", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-591: Sensitive Data Storage in Improperly Locked Memory", + "cweId": "CWE-591" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27732", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27732" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7, + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27733.json b/2025/27xxx/CVE-2025-27733.json index 97e82aa5ccc..47856f557c9 100644 --- a/2025/27xxx/CVE-2025-27733.json +++ b/2025/27xxx/CVE-2025-27733.json @@ -1,17 +1,253 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27733", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27733", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27733" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27735.json b/2025/27xxx/CVE-2025-27735.json index 195b6074cb7..f78fac9e6fc 100644 --- a/2025/27xxx/CVE-2025-27735.json +++ b/2025/27xxx/CVE-2025-27735.json @@ -1,17 +1,265 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27735", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-345: Insufficient Verification of Data Authenticity", + "cweId": "CWE-345" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27735", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27735" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 6, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27736.json b/2025/27xxx/CVE-2025-27736.json index bad3fda1f24..ad497f11075 100644 --- a/2025/27xxx/CVE-2025-27736.json +++ b/2025/27xxx/CVE-2025-27736.json @@ -1,17 +1,254 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27736", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27736", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27736" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27737.json b/2025/27xxx/CVE-2025-27737.json index ab1b6e78219..ed9d86030ef 100644 --- a/2025/27xxx/CVE-2025-27737.json +++ b/2025/27xxx/CVE-2025-27737.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27737", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27737", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27737" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.6, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27738.json b/2025/27xxx/CVE-2025-27738.json index 71936346627..7487e8f214a 100644 --- a/2025/27xxx/CVE-2025-27738.json +++ b/2025/27xxx/CVE-2025-27738.json @@ -1,17 +1,313 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27738", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27738", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27738" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27739.json b/2025/27xxx/CVE-2025-27739.json index 9bf1b6384ba..121f9688052 100644 --- a/2025/27xxx/CVE-2025-27739.json +++ b/2025/27xxx/CVE-2025-27739.json @@ -1,17 +1,218 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27739", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-822: Untrusted Pointer Dereference", + "cweId": "CWE-822" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27739", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27739" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27740.json b/2025/27xxx/CVE-2025-27740.json index 2ae5ac65e13..92f9c994dd3 100644 --- a/2025/27xxx/CVE-2025-27740.json +++ b/2025/27xxx/CVE-2025-27740.json @@ -1,17 +1,266 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27740", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1390: Weak Authentication", + "cweId": "CWE-1390" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27740", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27740" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27741.json b/2025/27xxx/CVE-2025-27741.json index ba808d6656a..88c64065db5 100644 --- a/2025/27xxx/CVE-2025-27741.json +++ b/2025/27xxx/CVE-2025-27741.json @@ -1,17 +1,253 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27741", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27741", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27741" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27742.json b/2025/27xxx/CVE-2025-27742.json index 76b10b0b4c8..40d51a2780e 100644 --- a/2025/27xxx/CVE-2025-27742.json +++ b/2025/27xxx/CVE-2025-27742.json @@ -1,17 +1,373 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27742", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.17763.0", + "version_value": "10.0.17763.7137" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.20348.0", + "version_value": "10.0.20348.3454" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19043.0", + "version_value": "10.0.19044.5737" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22621.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.19045.0", + "version_value": "10.0.19045.5737" + } + ] + } + }, + { + "product_name": "Windows Server 2025 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22621.5191" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.22631.0", + "version_value": "10.0.22631.5191" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.25398.0", + "version_value": "10.0.25398.1551" + } + ] + } + }, + { + "product_name": "Windows 11 Version 24H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows Server 2025", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.26100.0", + "version_value": "10.0.26100.3775" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.14393.0", + "version_value": "10.0.14393.7970" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.6003.0", + "version_value": "6.0.6003.23220" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.7601.0", + "version_value": "6.1.7601.27670" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.9200.0", + "version_value": "6.2.9200.25423" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.9600.0", + "version_value": "6.3.9600.22523" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27742", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27742" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27743.json b/2025/27xxx/CVE-2025-27743.json index 90cf798bfb0..42bffb8ee31 100644 --- a/2025/27xxx/CVE-2025-27743.json +++ b/2025/27xxx/CVE-2025-27743.json @@ -1,17 +1,227 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27743", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Untrusted search path in System Center allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-426: Untrusted Search Path", + "cweId": "CWE-426" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "System Center Virtual Machine Manager 2022", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "System Center Virtual Machine Manager 2019", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "System Center Virtual Machine Manager 2025", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "System Center Data Protection Manager 2025", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "System Center Data Protection Manager 2022", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "System Center Data Protection Manager 2019", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "System Center Orchestrator 2019", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "System Center Orchestrator 2022", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "System Center Orchestrator 2025", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "System Center Service Manager 2019", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "System Center Service Manager 2022", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "System Center Service Manager 2025", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "System Center Operations Manager 2019", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "System Center Operations Manager 2022", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "System Center Operations Manager 2025", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27743", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27743" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27744.json b/2025/27xxx/CVE-2025-27744.json index 72b815d1a2a..e2d0e1a3545 100644 --- a/2025/27xxx/CVE-2025-27744.json +++ b/2025/27xxx/CVE-2025-27744.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27744", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Office 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.0.5495.1000" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27744", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27744" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27745.json b/2025/27xxx/CVE-2025-27745.json index d5b4886f2ce..a8637d68496 100644 --- a/2025/27xxx/CVE-2025-27745.json +++ b/2025/27xxx/CVE-2025-27745.json @@ -1,17 +1,144 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27745", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Microsoft Office allows an unauthorized attacker to execute code locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Office 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "19.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft 365 Apps for Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC for Mac 2021", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2024", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC for Mac 2024", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Microsoft Office 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.0.5495.1002" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27745", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27745" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27746.json b/2025/27xxx/CVE-2025-27746.json index 08249c9c075..f280574c812 100644 --- a/2025/27xxx/CVE-2025-27746.json +++ b/2025/27xxx/CVE-2025-27746.json @@ -1,17 +1,168 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27746", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Microsoft Office allows an unauthorized attacker to execute code locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Office Online Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "16.0.10417.20003" + } + ] + } + }, + { + "product_name": "Microsoft Office 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "19.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft 365 Apps for Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC for Mac 2021", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "SharePoint Server Subscription Edition Language Pack", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.0.10417.20003" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2024", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC for Mac 2024", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Microsoft Office 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.0.5495.1000" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27746", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27746" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27747.json b/2025/27xxx/CVE-2025-27747.json index 64f16ee14c1..0cae2def6bb 100644 --- a/2025/27xxx/CVE-2025-27747.json +++ b/2025/27xxx/CVE-2025-27747.json @@ -1,17 +1,168 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27747", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-822: Untrusted Pointer Dereference", + "cweId": "CWE-822" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint Enterprise Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.0.5495.1002" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.0.10417.20003" + } + ] + } + }, + { + "product_name": "Microsoft Office 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "19.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft 365 Apps for Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC for Mac 2021", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2024", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC for Mac 2024", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Microsoft Word 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "16.0.5495.1002" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27747", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27747" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27748.json b/2025/27xxx/CVE-2025-27748.json index 9e0ec306431..d8a0c80e97b 100644 --- a/2025/27xxx/CVE-2025-27748.json +++ b/2025/27xxx/CVE-2025-27748.json @@ -1,17 +1,144 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27748", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Microsoft Office allows an unauthorized attacker to execute code locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Office 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "19.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft 365 Apps for Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC for Mac 2021", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2024", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC for Mac 2024", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Microsoft Office 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.0.5495.1002" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27748", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27748" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27749.json b/2025/27xxx/CVE-2025-27749.json index 2db856a08a1..93492db7efb 100644 --- a/2025/27xxx/CVE-2025-27749.json +++ b/2025/27xxx/CVE-2025-27749.json @@ -1,17 +1,144 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27749", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Microsoft Office allows an unauthorized attacker to execute code locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Office 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "19.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft 365 Apps for Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC for Mac 2021", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2024", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC for Mac 2024", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Microsoft Office 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.0.5495.1002" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27749", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27749" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2025/27xxx/CVE-2025-27750.json b/2025/27xxx/CVE-2025-27750.json index 09fccfcf308..19342648c4d 100644 --- a/2025/27xxx/CVE-2025-27750.json +++ b/2025/27xxx/CVE-2025-27750.json @@ -1,17 +1,144 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27750", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Office 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "19.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft 365 Apps for Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC for Mac 2021", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2024", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC for Mac 2024", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Microsoft Excel 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0.0", + "version_value": "16.0.5495.1000" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27750", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27750" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] }