admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-06-13 17:00:46 +00:00
parent 6336317c81
commit c5cd54eaf4
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
76 changed files with 1712 additions and 455 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
2022/31xxx/CVE-2022-31635.json
View File

@ -1,18 +1,66 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-31635",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "hp-security-alert@hp.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HP Inc.",
"product": {
"product_data": [
{
"product_name": "HP PC BIOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See HP Security Bulletin reference for affected versions."
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814",
"refsource": "MISC",
"name": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
}
]
},
"generator": {
"engine": "cveClient/1.0.13"
}
}

56
2022/31xxx/CVE-2022-31636.json
View File

@ -1,18 +1,66 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-31636",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "hp-security-alert@hp.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HP Inc.",
"product": {
"product_data": [
{
"product_name": "HP PC BIOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See HP Security Bulletin reference for affected versions."
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814",
"refsource": "MISC",
"name": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
}
]
},
"generator": {
"engine": "cveClient/1.0.13"
}
}

56
2022/31xxx/CVE-2022-31637.json
View File

@ -1,18 +1,66 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-31637",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "hp-security-alert@hp.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HP Inc.",
"product": {
"product_data": [
{
"product_name": "HP PC BIOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See HP Security Bulletin reference for affected versions."
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814",
"refsource": "MISC",
"name": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
}
]
},
"generator": {
"engine": "cveClient/1.0.13"
}
}

56
2022/31xxx/CVE-2022-31638.json
View File

@ -1,18 +1,66 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-31638",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "hp-security-alert@hp.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HP Inc.",
"product": {
"product_data": [
{
"product_name": "HP PC BIOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See HP Security Bulletin reference for affected versions."
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814",
"refsource": "MISC",
"name": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
}
]
},
"generator": {
"engine": "cveClient/1.0.13"
}
}

56
2022/31xxx/CVE-2022-31639.json
View File

@ -1,18 +1,66 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-31639",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "hp-security-alert@hp.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HP Inc.",
"product": {
"product_data": [
{
"product_name": "HP PC BIOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See HP Security Bulletin reference for affected versions."
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814",
"refsource": "MISC",
"name": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
}
]
},
"generator": {
"engine": "cveClient/1.0.13"
}
}

16
2022/37xxx/CVE-2022-37967.json
View File

@ -41,7 +41,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.17763.3650"
"version_value": "10.0.17763.4499"
}
]
}
@ -53,7 +53,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.20348.1366"
"version_value": "10.0.20348.1783"
}
]
}
@ -65,7 +65,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.14393.5501"
"version_value": "10.0.14393.5989"
}
]
}
@ -77,7 +77,7 @@
{
"version_affected": "<",
"version_name": "6.0.0",
"version_value": "6.0.6003.21815"
"version_value": "6.0.6003.22113"
}
]
}
@ -89,12 +89,12 @@
{
"version_affected": "<",
"version_name": "6.1.0",
"version_value": "6.1.7601.26266"
"version_value": "6.1.7601.26564"
},
{
"version_affected": "<",
"version_name": "6.0.0",
"version_value": "6.1.7601.26266"
"version_value": "6.1.7601.26564"
}
]
}
@ -106,7 +106,7 @@
{
"version_affected": "<",
"version_name": "6.2.0",
"version_value": "6.2.9200.24018"
"version_value": "6.2.9200.24314"
}
]
}
@ -118,7 +118,7 @@
{
"version_affected": "<",
"version_name": "6.3.0",
"version_value": "6.3.9600.20721"
"version_value": "6.3.9600.21013"
}
]
}

2
2022/37xxx/CVE-2022-37992.json
View File

@ -125,7 +125,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/38xxx/CVE-2022-38015.json
View File

@ -125,7 +125,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

5
2022/3xxx/CVE-2022-3109.json
View File

@ -63,6 +63,11 @@
"refsource": "DEBIAN",
"name": "DSA-5394",
"url": "https://www.debian.org/security/2023/dsa-5394"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230613 [SECURITY] [DLA 3454-1] ffmpeg security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00016.html"
}
]
},

5
2022/3xxx/CVE-2022-3341.json
View File

@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://github.com/FFmpeg/FFmpeg/commit/9cf652cef49d74afe3d454f27d49eb1a1394951e",
"url": "https://github.com/FFmpeg/FFmpeg/commit/9cf652cef49d74afe3d454f27d49eb1a1394951e"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230613 [SECURITY] [DLA 3454-1] ffmpeg security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00016.html"
}
]
},

2
2022/41xxx/CVE-2022-41039.json
View File

@ -125,7 +125,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/41xxx/CVE-2022-41045.json
View File

@ -125,7 +125,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/41xxx/CVE-2022-41047.json
View File

@ -125,7 +125,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/41xxx/CVE-2022-41048.json
View File

@ -125,7 +125,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/41xxx/CVE-2022-41049.json
View File

@ -161,7 +161,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/41xxx/CVE-2022-41050.json
View File

@ -161,7 +161,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

72
2022/41xxx/CVE-2022-41051.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-41051",
"ASSIGNER": "secure@microsoft.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Azure RTOS GUIX Studio",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Azure RTOS GUIX Studio Remote Code Execution Vulnerability."
"value": "Azure RTOS GUIX Studio Remote Code Execution Vulnerability"
}
]
},
@ -50,21 +27,48 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft",
"product": {
"product_data": [
{
"product_name": "Azure Real Time Operating System GUIX",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.0.0.0",
"version_value": "6.2.0.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41051",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41051",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41051"
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41051"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"baseScore": "7.8",
"temporalScore": "6.8",
"version": "3.1"
}
"cvss": [
{
"version": "3.1",
"baseSeverity": "HIGH",
"baseScore": 7.8,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"
}
]
}
}

2
2022/41xxx/CVE-2022-41053.json
View File

@ -125,7 +125,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/41xxx/CVE-2022-41054.json
View File

@ -41,7 +41,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/41xxx/CVE-2022-41055.json
View File

@ -125,7 +125,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/41xxx/CVE-2022-41056.json
View File

@ -125,7 +125,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/41xxx/CVE-2022-41057.json
View File

@ -125,7 +125,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/41xxx/CVE-2022-41058.json
View File

@ -125,7 +125,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

5
2022/41xxx/CVE-2022-41060.json
View File

@ -54,6 +54,11 @@
"version_affected": "<",
"version_name": "16.0.1",
"version_value": "https://aka.ms/OfficeSecurityReleases"
},
{
"version_affected": "<",
"version_name": "19.0.0",
"version_value": "https://aka.ms/OfficeSecurityReleases"
}
]
}

5
2022/41xxx/CVE-2022-41061.json
View File

@ -131,6 +131,11 @@
"version_affected": "<",
"version_name": "16.0.1",
"version_value": "16.67.22111300"
},
{
"version_affected": "<",
"version_name": "16.0.0",
"version_value": "16.67.22111300"
}
]
}

5
2022/41xxx/CVE-2022-41063.json
View File

@ -38,6 +38,11 @@
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "19.0.0",
"version_value": "https://aka.ms/OfficeSecurityReleases"
},
{
"version_affected": "<",
"version_name": "16.0.1",

2
2022/41xxx/CVE-2022-41073.json
View File

@ -125,7 +125,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

160
2022/41xxx/CVE-2022-41078.json
View File

@ -1,80 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-41078",
"ASSIGNER": "secure@microsoft.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server 2013",
"version": {
"version_data": [
{
"version_value": "Cumulative Update 23"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 22",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 11",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 12",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 23",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2022-41079."
"value": "Microsoft Exchange Server Spoofing Vulnerability"
}
]
},
@ -90,21 +27,96 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft",
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server 2013 Cumulative Update 23",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.00.0",
"version_value": "15.00.1497.044"
}
]
}
},
{
"product_name": "Microsoft Exchange Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.0.0",
"version_value": "15.01.2375.037"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 11",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.02.0",
"version_value": "15.02.0986.036"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 12",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.02.0",
"version_value": "15.02.1118.020"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 23",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.01.0",
"version_value": "15.01.2507.016"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41078",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41078",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41078"
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41078"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"baseScore": "8.0",
"temporalScore": "7.0",
"version": "3.1"
}
"cvss": [
{
"version": "3.1",
"baseSeverity": "HIGH",
"baseScore": 8,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"
}
]
}
}

160
2022/41xxx/CVE-2022-41079.json
View File

@ -1,80 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-41079",
"ASSIGNER": "secure@microsoft.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 12",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 23",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 22",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2013",
"version": {
"version_data": [
{
"version_value": "Cumulative Update 23"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 11",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2022-41078."
"value": "Microsoft Exchange Server Spoofing Vulnerability"
}
]
},
@ -90,21 +27,96 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft",
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 12",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.02.0",
"version_value": "15.02.1118.020"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 23",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.01.0",
"version_value": "15.01.2507.016"
}
]
}
},
{
"product_name": "Microsoft Exchange Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.0.0",
"version_value": "15.01.2375.037"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2013 Cumulative Update 23",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.00.0",
"version_value": "15.00.1497.044"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 11",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.02.0",
"version_value": "15.02.0986.036"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41079",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41079"
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"baseScore": "8.0",
"temporalScore": "7.0",
"version": "3.1"
}
"cvss": [
{
"version": "3.1",
"baseSeverity": "HIGH",
"baseScore": 8,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"
}
]
}
}

160
2022/41xxx/CVE-2022-41080.json
View File

@ -1,80 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-41080",
"ASSIGNER": "secure@microsoft.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 23",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 12",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2013",
"version": {
"version_data": [
{
"version_value": "Cumulative Update 23"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 11",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 22",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41123."
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
]
},
@ -90,21 +27,96 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft",
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 23",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.01.0",
"version_value": "15.01.2507.016"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 12",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.02.0",
"version_value": "15.02.1118.020"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2013 Cumulative Update 23",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.00.0",
"version_value": "15.00.1497.044"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 11",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.02.0",
"version_value": "15.02.0986.036"
}
]
}
},
{
"product_name": "Microsoft Exchange Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.0.0",
"version_value": "15.01.2375.037"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41080",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41080"
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"baseScore": "8.8",
"temporalScore": "7.7",
"version": "3.1"
}
"cvss": [
{
"version": "3.1",
"baseSeverity": "CRITICAL",
"baseScore": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"
}
]
}
}

2
2022/41xxx/CVE-2022-41086.json
View File

@ -125,7 +125,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/41xxx/CVE-2022-41088.json
View File

@ -125,7 +125,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/41xxx/CVE-2022-41090.json
View File

@ -125,7 +125,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/41xxx/CVE-2022-41091.json
View File

@ -161,7 +161,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/41xxx/CVE-2022-41092.json
View File

@ -101,7 +101,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/41xxx/CVE-2022-41093.json
View File

@ -125,7 +125,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/41xxx/CVE-2022-41095.json
View File

@ -125,7 +125,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/41xxx/CVE-2022-41096.json
View File

@ -125,7 +125,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/41xxx/CVE-2022-41097.json
View File

@ -125,7 +125,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/41xxx/CVE-2022-41098.json
View File

@ -125,7 +125,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/41xxx/CVE-2022-41099.json
View File

@ -101,7 +101,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/41xxx/CVE-2022-41100.json
View File

@ -125,7 +125,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/41xxx/CVE-2022-41101.json
View File

@ -161,7 +161,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/41xxx/CVE-2022-41102.json
View File

@ -161,7 +161,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

5
2022/41xxx/CVE-2022-41103.json
View File

@ -86,6 +86,11 @@
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "19.0.0",
"version_value": "https://aka.ms/OfficeSecurityReleases"
},
{
"version_affected": "<",
"version_name": "16.0.1",

5
2022/41xxx/CVE-2022-41104.json
View File

@ -38,6 +38,11 @@
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "19.0.0",
"version_value": "https://aka.ms/OfficeSecurityReleases"
},
{
"version_affected": "<",
"version_name": "16.0.1",

5
2022/41xxx/CVE-2022-41105.json
View File

@ -38,6 +38,11 @@
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "19.0.0",
"version_value": "https://aka.ms/OfficeSecurityReleases"
},
{
"version_affected": "<",
"version_name": "16.0.1",

5
2022/41xxx/CVE-2022-41106.json
View File

@ -38,6 +38,11 @@
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "19.0.0",
"version_value": "https://aka.ms/OfficeSecurityReleases"
},
{
"version_affected": "<",
"version_name": "16.0.1",

12
2022/41xxx/CVE-2022-41107.json
View File

@ -40,8 +40,18 @@
"version_data": [
{
"version_affected": "<",
"version_name": "16.0.1",
"version_name": "19.0.0",
"version_value": "https://aka.ms/OfficeSecurityReleases"
},
{
"version_affected": "<",
"version_name": "16.0.0",
"version_value": "16.67.22111300"
},
{
"version_affected": "<",
"version_name": "16.0.1",
"version_value": "16.67.22111300"
}
]
}

2
2022/41xxx/CVE-2022-41109.json
View File

@ -125,7 +125,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/41xxx/CVE-2022-41114.json
View File

@ -101,7 +101,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/41xxx/CVE-2022-41118.json
View File

@ -41,7 +41,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

138
2022/41xxx/CVE-2022-41123.json
View File

@ -1,70 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-41123",
"ASSIGNER": "secure@microsoft.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 12",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 23",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 11",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 22",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41080."
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
]
},
@ -80,21 +27,84 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft",
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 12",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.02.0",
"version_value": "15.02.1118.020"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 23",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.01.0",
"version_value": "15.01.2507.016"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 11",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.02.0",
"version_value": "15.02.0986.036"
}
]
}
},
{
"product_name": "Microsoft Exchange Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.0.0",
"version_value": "15.01.2375.037"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41123",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41123",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41123"
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41123"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"baseScore": "7.8",
"temporalScore": "6.8",
"version": "3.1"
}
"cvss": [
{
"version": "3.1",
"baseSeverity": "HIGH",
"baseScore": 7.8,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"
}
]
}
}

2
2022/41xxx/CVE-2022-41125.json
View File

@ -125,7 +125,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

2
2022/41xxx/CVE-2022-41128.json
View File

@ -125,7 +125,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.819"
"version_value": "10.0.22621.819"
}
]
}

87
2023/20xxx/CVE-2023-20867.json
View File

@ -1,17 +1,96 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20867",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "VMware",
"product": {
"product_data": [
{
"product_name": "VMware Tools",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "12.2.5"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html",
"refsource": "MISC",
"name": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VMSA-2023-0013",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

5
2023/23xxx/CVE-2023-23397.json
View File

@ -42,6 +42,11 @@
"version_affected": "<",
"version_name": "16.0.1",
"version_value": "https://aka.ms/OfficeSecurityReleases"
},
{
"version_affected": "<",
"version_name": "19.0.0",
"version_value": "https://aka.ms/OfficeSecurityReleases"
}
]
}

5
2023/23xxx/CVE-2023-23398.json
View File

@ -38,6 +38,11 @@
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "19.0.0",
"version_value": "https://aka.ms/OfficeSecurityReleases"
},
{
"version_affected": "<",
"version_name": "16.0.1",

13
2023/23xxx/CVE-2023-23399.json
View File

@ -40,17 +40,22 @@
"version_data": [
{
"version_affected": "<",
"version_name": "16.0.1",
"version_name": "19.0.0",
"version_value": "https://aka.ms/OfficeSecurityReleases"
},
{
"version_affected": "<",
"version_name": "16.0.0.0",
"version_value": "16.0.5387.1000"
"version_name": "16.0.0",
"version_value": "16.71.23031200"
},
{
"version_affected": "<",
"version_name": "15.0.0.0",
"version_name": "16.0.1",
"version_value": "16.71.23031200"
},
{
"version_affected": "<",
"version_name": "15.0.0",
"version_value": "15.0.5537.1000"
}
]

4
2023/24xxx/CVE-2023-24880.json
View File

@ -174,8 +174,8 @@
{
"version": "3.1",
"baseSeverity": "MEDIUM",
"baseScore": 5.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C"
"baseScore": 4.4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C"
}
]
}

5
2023/24xxx/CVE-2023-24910.json
View File

@ -223,6 +223,11 @@
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.0.0",
"version_value": "16.71.23031200"
},
{
"version_affected": "<",
"version_name": "16.0.1",

56
2023/27xxx/CVE-2023-27837.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27837",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-27837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the key parameter in the function sub_ 40A774."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/lzd521/IOT/tree/main/TP-Link%20WPA8630P",
"refsource": "MISC",
"name": "https://github.com/lzd521/IOT/tree/main/TP-Link%20WPA8630P"
}
]
}

76
2023/28xxx/CVE-2023-28303.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28303",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@microsoft.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Windows Snipping Tool Information Disclosure Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft",
"product": {
"product_data": [
{
"product_name": "Snipping Tool",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "11.0.0",
"version_value": "11.2302.20.0"
}
]
}
},
{
"product_name": "Snip & Sketch",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "10.2008.3001.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28303",
"refsource": "MISC",
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28303"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "LOW",
"baseScore": 3.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C"
}
]
}

77
2023/28xxx/CVE-2023-28598.json
View File

@ -1,17 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28598",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@zoom.us",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts a chat with a malicious user it could result in a Zoom application crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTML Injection"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Zoom",
"product": {
"product_data": [
{
"product_name": "Zoom for Linux clients",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.13.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"refsource": "MISC",
"name": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

121
2023/28xxx/CVE-2023-28599.json
View File

@ -1,17 +1,130 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28599",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@zoom.us",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display name potentially leading a victim to a malicious website during meeting creation.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTML Injection"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Zoom",
"product": {
"product_data": [
{
"product_name": "Zoom for Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.13.10"
}
]
}
},
{
"product_name": "Zoom for iOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.13.10"
}
]
}
},
{
"product_name": "Zoom for Linux",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.13.10"
}
]
}
},
{
"product_name": "Zoom for macOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.13.10"
}
]
}
},
{
"product_name": "Zoom for Windows",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.13.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"refsource": "MISC",
"name": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

61
2023/30xxx/CVE-2023-30179.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30179",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-30179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject Twig Template to User Photo Location field when setting User Photo Location in User Settings, lead to Remote Code Execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#442---2023-03-14",
"refsource": "MISC",
"name": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#442---2023-03-14"
},
{
"refsource": "MISC",
"name": "https://datnlq.gitbook.io/cve/craft-cms/cve-2023-30179-server-side-template-injection",
"url": "https://datnlq.gitbook.io/cve/craft-cms/cve-2023-30179-server-side-template-injection"
}
]
}

18
2023/31xxx/CVE-2023-31242.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31242",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

66
2023/31xxx/CVE-2023-31437.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31437",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-31437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/systemd/systemd/releases",
"refsource": "MISC",
"name": "https://github.com/systemd/systemd/releases"
},
{
"refsource": "MISC",
"name": "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf",
"url": "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf"
},
{
"refsource": "MISC",
"name": "https://github.com/kastel-security/Journald",
"url": "https://github.com/kastel-security/Journald"
}
]
}

66
2023/31xxx/CVE-2023-31438.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31438",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-31438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/systemd/systemd/releases",
"refsource": "MISC",
"name": "https://github.com/systemd/systemd/releases"
},
{
"refsource": "MISC",
"name": "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf",
"url": "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf"
},
{
"refsource": "MISC",
"name": "https://github.com/kastel-security/Journald",
"url": "https://github.com/kastel-security/Journald"
}
]
}

66
2023/31xxx/CVE-2023-31439.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31439",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-31439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/systemd/systemd/releases",
"refsource": "MISC",
"name": "https://github.com/systemd/systemd/releases"
},
{
"refsource": "MISC",
"name": "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf",
"url": "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf"
},
{
"refsource": "MISC",
"name": "https://github.com/kastel-security/Journald",
"url": "https://github.com/kastel-security/Journald"
}
]
}

66
2023/31xxx/CVE-2023-31541.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31541",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-31541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A unrestricted file upload vulnerability was discovered in the \u2018Browse and upload images\u2019 feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://redmine.com",
"refsource": "MISC",
"name": "http://redmine.com"
},
{
"url": "http://redmineckeditor.com",
"refsource": "MISC",
"name": "http://redmineckeditor.com"
},
{
"refsource": "MISC",
"name": "https://github.com/DreamD2v/CVE-2023-31541/blob/main/CVE-2023-31541.md",
"url": "https://github.com/DreamD2v/CVE-2023-31541/blob/main/CVE-2023-31541.md"
}
]
}

66
2023/33xxx/CVE-2023-33620.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33620",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-33620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://glinet.com",
"refsource": "MISC",
"name": "http://glinet.com"
},
{
"url": "http://gl-ar750s-ext.com",
"refsource": "MISC",
"name": "http://gl-ar750s-ext.com"
},
{
"refsource": "MISC",
"name": "https://justinapplegate.me/2023/glinet-CVE-2023-33620/",
"url": "https://justinapplegate.me/2023/glinet-CVE-2023-33620/"
}
]
}

81
2023/34xxx/CVE-2023-34247.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34247",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Keystone is a content management system for Node.JS. There is an open redirect in the `@keystone-6/auth` package versions 7.0.0 and prior, where the redirect leading `/` filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be used by attackers to re-direct users to an unexpected location. To mitigate this issue, one may apply a patch from pull request 8626 or avoid using the `@keystone-6/auth` package."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')",
"cweId": "CWE-601"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "keystonejs",
"product": {
"product_data": [
{
"product_name": "keystone",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<= 7.0.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/keystonejs/keystone/security/advisories/GHSA-jqxr-vjvv-899m",
"refsource": "MISC",
"name": "https://github.com/keystonejs/keystone/security/advisories/GHSA-jqxr-vjvv-899m"
},
{
"url": "https://github.com/keystonejs/keystone/pull/8626",
"refsource": "MISC",
"name": "https://github.com/keystonejs/keystone/pull/8626"
}
]
},
"source": {
"advisory": "GHSA-jqxr-vjvv-899m",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
}
]
}

81
2023/34xxx/CVE-2023-34249.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34249",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd37198ecd3e41ea766d1099354b60d69c2, benjjvi/PyBB is vulnerable to SQL Injection. This vulnerability has been fixed as of commit dcaeccd37198ecd3e41ea766d1099354b60d69c2. As a workaround, a user may be able to update the software manually to avoid this problem by sanitizing user queries to `BulletinDatabaseModule.py`."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "benjjvi",
"product": {
"product_data": [
{
"product_name": "PyBB",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< dcaeccd37198ecd3e41ea766d1099354b60d69c2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/benjjvi/PyBB/security/advisories/GHSA-5qrx-fgxq-95gg",
"refsource": "MISC",
"name": "https://github.com/benjjvi/PyBB/security/advisories/GHSA-5qrx-fgxq-95gg"
},
{
"url": "https://github.com/benjjvi/PyBB/commit/dcaeccd37198ecd3e41ea766d1099354b60d69c2",
"refsource": "MISC",
"name": "https://github.com/benjjvi/PyBB/commit/dcaeccd37198ecd3e41ea766d1099354b60d69c2"
}
]
},
"source": {
"advisory": "GHSA-5qrx-fgxq-95gg",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

18
2023/34xxx/CVE-2023-34998.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34998",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/3xxx/CVE-2023-3224.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3224",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}