From c5cd54eaf4469a2c8681acb4533d855ef92ea6a1 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 13 Jun 2023 17:00:46 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/31xxx/CVE-2022-31635.json | 56 +++++++++++- 2022/31xxx/CVE-2022-31636.json | 56 +++++++++++- 2022/31xxx/CVE-2022-31637.json | 56 +++++++++++- 2022/31xxx/CVE-2022-31638.json | 56 +++++++++++- 2022/31xxx/CVE-2022-31639.json | 56 +++++++++++- 2022/37xxx/CVE-2022-37967.json | 16 ++-- 2022/37xxx/CVE-2022-37992.json | 2 +- 2022/38xxx/CVE-2022-38015.json | 2 +- 2022/3xxx/CVE-2022-3109.json | 5 ++ 2022/3xxx/CVE-2022-3341.json | 5 ++ 2022/41xxx/CVE-2022-41039.json | 2 +- 2022/41xxx/CVE-2022-41045.json | 2 +- 2022/41xxx/CVE-2022-41047.json | 2 +- 2022/41xxx/CVE-2022-41048.json | 2 +- 2022/41xxx/CVE-2022-41049.json | 2 +- 2022/41xxx/CVE-2022-41050.json | 2 +- 2022/41xxx/CVE-2022-41051.json | 72 ++++++++------- 2022/41xxx/CVE-2022-41053.json | 2 +- 2022/41xxx/CVE-2022-41054.json | 2 +- 2022/41xxx/CVE-2022-41055.json | 2 +- 2022/41xxx/CVE-2022-41056.json | 2 +- 2022/41xxx/CVE-2022-41057.json | 2 +- 2022/41xxx/CVE-2022-41058.json | 2 +- 2022/41xxx/CVE-2022-41060.json | 5 ++ 2022/41xxx/CVE-2022-41061.json | 5 ++ 2022/41xxx/CVE-2022-41063.json | 5 ++ 2022/41xxx/CVE-2022-41073.json | 2 +- 2022/41xxx/CVE-2022-41078.json | 160 ++++++++++++++++++--------------- 2022/41xxx/CVE-2022-41079.json | 160 ++++++++++++++++++--------------- 2022/41xxx/CVE-2022-41080.json | 160 ++++++++++++++++++--------------- 2022/41xxx/CVE-2022-41086.json | 2 +- 2022/41xxx/CVE-2022-41088.json | 2 +- 2022/41xxx/CVE-2022-41090.json | 2 +- 2022/41xxx/CVE-2022-41091.json | 2 +- 2022/41xxx/CVE-2022-41092.json | 2 +- 2022/41xxx/CVE-2022-41093.json | 2 +- 2022/41xxx/CVE-2022-41095.json | 2 +- 2022/41xxx/CVE-2022-41096.json | 2 +- 2022/41xxx/CVE-2022-41097.json | 2 +- 2022/41xxx/CVE-2022-41098.json | 2 +- 2022/41xxx/CVE-2022-41099.json | 2 +- 2022/41xxx/CVE-2022-41100.json | 2 +- 2022/41xxx/CVE-2022-41101.json | 2 +- 2022/41xxx/CVE-2022-41102.json | 2 +- 2022/41xxx/CVE-2022-41103.json | 5 ++ 
2022/41xxx/CVE-2022-41104.json | 5 ++ 2022/41xxx/CVE-2022-41105.json | 5 ++ 2022/41xxx/CVE-2022-41106.json | 5 ++ 2022/41xxx/CVE-2022-41107.json | 12 ++- 2022/41xxx/CVE-2022-41109.json | 2 +- 2022/41xxx/CVE-2022-41114.json | 2 +- 2022/41xxx/CVE-2022-41118.json | 2 +- 2022/41xxx/CVE-2022-41123.json | 138 +++++++++++++++------------- 2022/41xxx/CVE-2022-41125.json | 2 +- 2022/41xxx/CVE-2022-41128.json | 2 +- 2023/20xxx/CVE-2023-20867.json | 87 +++++++++++++++++- 2023/23xxx/CVE-2023-23397.json | 5 ++ 2023/23xxx/CVE-2023-23398.json | 5 ++ 2023/23xxx/CVE-2023-23399.json | 13 ++- 2023/24xxx/CVE-2023-24880.json | 4 +- 2023/24xxx/CVE-2023-24910.json | 5 ++ 2023/27xxx/CVE-2023-27837.json | 56 ++++++++++-- 2023/28xxx/CVE-2023-28303.json | 76 +++++++++++++++- 2023/28xxx/CVE-2023-28598.json | 77 +++++++++++++++- 2023/28xxx/CVE-2023-28599.json | 121 ++++++++++++++++++++++++- 2023/30xxx/CVE-2023-30179.json | 61 +++++++++++-- 2023/31xxx/CVE-2023-31242.json | 18 ++++ 2023/31xxx/CVE-2023-31437.json | 66 ++++++++++++-- 2023/31xxx/CVE-2023-31438.json | 66 ++++++++++++-- 2023/31xxx/CVE-2023-31439.json | 66 ++++++++++++-- 2023/31xxx/CVE-2023-31541.json | 66 ++++++++++++-- 2023/33xxx/CVE-2023-33620.json | 66 ++++++++++++-- 2023/34xxx/CVE-2023-34247.json | 81 ++++++++++++++++- 2023/34xxx/CVE-2023-34249.json | 81 ++++++++++++++++- 2023/34xxx/CVE-2023-34998.json | 18 ++++ 2023/3xxx/CVE-2023-3224.json | 18 ++++ 76 files changed, 1712 insertions(+), 455 deletions(-) create mode 100644 2023/31xxx/CVE-2023-31242.json create mode 100644 2023/34xxx/CVE-2023-34998.json create mode 100644 2023/3xxx/CVE-2023-3224.json diff --git a/2022/31xxx/CVE-2022-31635.json b/2022/31xxx/CVE-2022-31635.json index f65e31cee02..128957e9ac1 100644 --- a/2022/31xxx/CVE-2022-31635.json +++ b/2022/31xxx/CVE-2022-31635.json 
@@ -1,18 +1,66 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-31635",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "hp-security-alert@hp.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "HP Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HP PC BIOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "See HP Security Bulletin reference for affected versions."
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814",
+ "refsource": "MISC",
+ "name": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "cveClient/1.0.13"
 }
 }
\ No newline at end of file
diff --git a/2022/31xxx/CVE-2022-31636.json b/2022/31xxx/CVE-2022-31636.json
index 218e49b64de..88cd27892cf 100644
--- a/2022/31xxx/CVE-2022-31636.json
+++ b/2022/31xxx/CVE-2022-31636.json
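Review bot: The added `problemtype` entry is `"value": "n/a"` although the new description itself names the weakness as time-of-check to time-of-use, so consumers that filter or aggregate by CWE will not classify this record; `"value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"` would match what the text already states. The `version_data` entry pairs `"version_affected": "="` with the free-text `"version_value": "See HP Security Bulletin reference for affected versions."`, which an automated version matcher cannot evaluate, so affected BIOS builds will presumably only be found by reading the referenced bulletin. Both points apply equally to the CVE-2022-31636 through CVE-2022-31639 hunks, which add the same blocks.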
@@ -1,18 +1,66 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-31636", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HP Inc.", + "product": { + "product_data": [ + { + "product_name": "HP PC BIOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See HP Security Bulletin reference for affected versions." + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814", + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" } } \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31637.json b/2022/31xxx/CVE-2022-31637.json index 70b603c3ce3..50bf3a9adab 100644 --- a/2022/31xxx/CVE-2022-31637.json +++ b/2022/31xxx/CVE-2022-31637.json 
@@ -1,18 +1,66 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-31637", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HP Inc.", + "product": { + "product_data": [ + { + "product_name": "HP PC BIOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See HP Security Bulletin reference for affected versions." + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814", + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" } } \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31638.json b/2022/31xxx/CVE-2022-31638.json index 9740fe5e2f0..09a8225614a 100644 --- a/2022/31xxx/CVE-2022-31638.json +++ b/2022/31xxx/CVE-2022-31638.json 
@@ -1,18 +1,66 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-31638", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HP Inc.", + "product": { + "product_data": [ + { + "product_name": "HP PC BIOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See HP Security Bulletin reference for affected versions." + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814", + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" } } \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31639.json b/2022/31xxx/CVE-2022-31639.json index bceb05e6c47..234eddfbccb 100644 --- a/2022/31xxx/CVE-2022-31639.json +++ b/2022/31xxx/CVE-2022-31639.json 
@@ -1,18 +1,66 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-31639", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HP Inc.", + "product": { + "product_data": [ + { + "product_name": "HP PC BIOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See HP Security Bulletin reference for affected versions." + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814", + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" } } \ No newline at end of file diff --git a/2022/37xxx/CVE-2022-37967.json b/2022/37xxx/CVE-2022-37967.json index c4ae130ceda..abf11c06c3b 100644 --- a/2022/37xxx/CVE-2022-37967.json +++ b/2022/37xxx/CVE-2022-37967.json @@ -41,7 +41,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.17763.3650" + "version_value": "10.0.17763.4499" } ] } 
@@ -53,7 +53,7 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.20348.1366"
+ "version_value": "10.0.20348.1783"
 }
 ]
 }
@@ -65,7 +65,7 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.14393.5501"
+ "version_value": "10.0.14393.5989"
 }
 ]
 }
@@ -77,7 +77,7 @@
 {
 "version_affected": "<",
 "version_name": "6.0.0",
- "version_value": "6.0.6003.21815"
+ "version_value": "6.0.6003.22113"
 }
 ]
 }
@@ -89,12 +89,12 @@
 {
 "version_affected": "<",
 "version_name": "6.1.0",
- "version_value": "6.1.7601.26266"
+ "version_value": "6.1.7601.26564"
 },
 {
 "version_affected": "<",
 "version_name": "6.0.0",
- "version_value": "6.1.7601.26266"
+ "version_value": "6.1.7601.26564"
 }
 ]
 }
@@ -106,7 +106,7 @@
 {
 "version_affected": "<",
 "version_name": "6.2.0",
- "version_value": "6.2.9200.24018"
+ "version_value": "6.2.9200.24314"
 }
 ]
 }
@@ -118,7 +118,7 @@
 {
 "version_affected": "<",
 "version_name": "6.3.0",
- "version_value": "6.3.9600.20721"
+ "version_value": "6.3.9600.21013"
 }
 ]
 }
diff --git a/2022/37xxx/CVE-2022-37992.json b/2022/37xxx/CVE-2022-37992.json
index 77df9077aa5..4b1faa53c24 100644
--- a/2022/37xxx/CVE-2022-37992.json
+++ b/2022/37xxx/CVE-2022-37992.json
@@ -125,7 +125,7 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.22000.819"
+ "version_value": "10.0.22621.819"
 }
 ]
 }
diff --git a/2022/38xxx/CVE-2022-38015.json b/2022/38xxx/CVE-2022-38015.json
index 635cefb9677..d0bfe90ba5b 100644
--- a/2022/38xxx/CVE-2022-38015.json
+++ b/2022/38xxx/CVE-2022-38015.json
@@ -125,7 +125,7 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.22000.819"
+ "version_value": "10.0.22621.819"
 }
 ]
 }
diff --git a/2022/3xxx/CVE-2022-3109.json b/2022/3xxx/CVE-2022-3109.json
index 67d6438bea8..f4c0f51b77b 100644
--- a/2022/3xxx/CVE-2022-3109.json
+++ b/2022/3xxx/CVE-2022-3109.json
@@ -63,6 +63,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-5394",
 "url": "https://www.debian.org/security/2023/dsa-5394"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20230613 [SECURITY] [DLA 3454-1] ffmpeg security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00016.html"
 }
 ]
 },
diff --git a/2022/3xxx/CVE-2022-3341.json b/2022/3xxx/CVE-2022-3341.json
index 96b06207fa8..193ef229e55 100644
--- a/2022/3xxx/CVE-2022-3341.json
+++ b/2022/3xxx/CVE-2022-3341.json
@@ -53,6 +53,11 @@
 "refsource": "MISC",
 "name": "https://github.com/FFmpeg/FFmpeg/commit/9cf652cef49d74afe3d454f27d49eb1a1394951e",
 "url": "https://github.com/FFmpeg/FFmpeg/commit/9cf652cef49d74afe3d454f27d49eb1a1394951e"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20230613 [SECURITY] [DLA 3454-1] ffmpeg security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00016.html"
 }
 ]
 },
diff --git a/2022/41xxx/CVE-2022-41039.json b/2022/41xxx/CVE-2022-41039.json
index 0ea12fbd991..c0f8584b1f4 100644
--- a/2022/41xxx/CVE-2022-41039.json
+++ b/2022/41xxx/CVE-2022-41039.json
@@ -125,7 +125,7 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.22000.819"
+ "version_value": "10.0.22621.819"
 }
 ]
 }
diff --git a/2022/41xxx/CVE-2022-41045.json b/2022/41xxx/CVE-2022-41045.json
index 0ae51111565..de806d16cbc 100644
--- a/2022/41xxx/CVE-2022-41045.json
+++ b/2022/41xxx/CVE-2022-41045.json
@@ -125,7 +125,7 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.22000.819"
+ "version_value": "10.0.22621.819"
 }
 ]
 }
diff --git a/2022/41xxx/CVE-2022-41047.json b/2022/41xxx/CVE-2022-41047.json
index c7c1d9d1d6d..3148e88100a 100644
--- a/2022/41xxx/CVE-2022-41047.json
+++ b/2022/41xxx/CVE-2022-41047.json
@@ -125,7 +125,7 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.22000.819"
+ "version_value": "10.0.22621.819"
 }
 ]
 }
diff --git a/2022/41xxx/CVE-2022-41048.json b/2022/41xxx/CVE-2022-41048.json
index 7872f41d534..7222c7a83a1 100644
--- a/2022/41xxx/CVE-2022-41048.json
+++ b/2022/41xxx/CVE-2022-41048.json
@@ -125,7 +125,7 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.22000.819"
+ "version_value": "10.0.22621.819"
 }
 ]
 }
diff --git a/2022/41xxx/CVE-2022-41049.json b/2022/41xxx/CVE-2022-41049.json
index 4b255ccc207..bcb11776bf5 100644
--- a/2022/41xxx/CVE-2022-41049.json
+++ b/2022/41xxx/CVE-2022-41049.json
@@ -161,7 +161,7 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.22000.819"
+ "version_value": "10.0.22621.819"
 }
 ]
 }
diff --git a/2022/41xxx/CVE-2022-41050.json b/2022/41xxx/CVE-2022-41050.json
index cb1930ddc7d..90c77f18997 100644
--- a/2022/41xxx/CVE-2022-41050.json
+++ b/2022/41xxx/CVE-2022-41050.json
@@ -161,7 +161,7 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.22000.819"
+ "version_value": "10.0.22621.819"
 }
 ]
 }
diff --git a/2022/41xxx/CVE-2022-41051.json b/2022/41xxx/CVE-2022-41051.json
index ee9ae5efdab..d425ba43ffb 100644
--- a/2022/41xxx/CVE-2022-41051.json
+++ b/2022/41xxx/CVE-2022-41051.json
@@ -1,40 +1,17 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ASSIGNER": "secure@microsoft.com",
 "ID": "CVE-2022-41051",
+ "ASSIGNER": "secure@microsoft.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "Azure RTOS GUIX Studio",
- "version": {
- "version_data": [
- {
- "version_value": ""
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Microsoft"
- }
- ]
- }
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "Azure RTOS GUIX Studio Remote Code Execution Vulnerability."
+ "value": "Azure RTOS GUIX Studio Remote Code Execution Vulnerability"
 }
 ]
 },
@@ -50,21 +27,48 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Microsoft",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Azure Real Time Operating System GUIX",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.0.0.0",
+ "version_value": "6.2.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41051",
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41051",
 "refsource": "MISC",
- "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41051"
+ "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41051"
 }
 ]
 },
 "impact": {
- "cvss": {
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
- "baseScore": "7.8",
- "temporalScore": "6.8",
- "version": "3.1"
- }
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseSeverity": "HIGH",
+ "baseScore": 7.8,
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/2022/41xxx/CVE-2022-41053.json b/2022/41xxx/CVE-2022-41053.json
index 7ea1349b1d4..3a5e5689f53 100644
--- a/2022/41xxx/CVE-2022-41053.json
+++ b/2022/41xxx/CVE-2022-41053.json
@@ -125,7 +125,7 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.22000.819"
+ "version_value": "10.0.22621.819"
 }
 ]
 }
diff --git a/2022/41xxx/CVE-2022-41054.json b/2022/41xxx/CVE-2022-41054.json
index 4b2546395bc..ea8bbd2390b 100644
--- a/2022/41xxx/CVE-2022-41054.json
+++ b/2022/41xxx/CVE-2022-41054.json
@@ -41,7 +41,7 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.22000.819"
+ "version_value": "10.0.22621.819"
 }
 ]
 }
diff --git a/2022/41xxx/CVE-2022-41055.json b/2022/41xxx/CVE-2022-41055.json
index c9ad05f8353..0b0d213d507 100644
--- a/2022/41xxx/CVE-2022-41055.json
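Review bot: In the rewritten `impact` block of CVE-2022-41051, `cvss` changes from an object to an array and `baseScore` from the string `"7.8"` to the number `7.8`, so a consumer that still reads `impact.cvss.baseScore` in the old shape will fail or silently find nothing. `temporalScore` is dropped while `vectorString` keeps the temporal metrics `E:U/RL:O/RC:C`, so a tool that recomputes a score from the full vector may arrive at the temporal value rather than the stated base score. Either keep the temporal score next to the vector, or trim the vector to its base metrics, `"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"`. The CVE-2022-41078, CVE-2022-41079 and CVE-2022-41080 hunks make the same change.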
+++ b/2022/41xxx/CVE-2022-41055.json
@@ -125,7 +125,7 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.22000.819"
+ "version_value": "10.0.22621.819"
 }
 ]
 }
diff --git a/2022/41xxx/CVE-2022-41056.json b/2022/41xxx/CVE-2022-41056.json
index c274fdd8da3..6025f075a99 100644
--- a/2022/41xxx/CVE-2022-41056.json
+++ b/2022/41xxx/CVE-2022-41056.json
@@ -125,7 +125,7 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.22000.819"
+ "version_value": "10.0.22621.819"
 }
 ]
 }
diff --git a/2022/41xxx/CVE-2022-41057.json b/2022/41xxx/CVE-2022-41057.json
index 4a4722d1bfb..ffdb28041d3 100644
--- a/2022/41xxx/CVE-2022-41057.json
+++ b/2022/41xxx/CVE-2022-41057.json
@@ -125,7 +125,7 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.22000.819"
+ "version_value": "10.0.22621.819"
 }
 ]
 }
diff --git a/2022/41xxx/CVE-2022-41058.json b/2022/41xxx/CVE-2022-41058.json
index f63460b8339..414b1fcd7e2 100644
--- a/2022/41xxx/CVE-2022-41058.json
+++ b/2022/41xxx/CVE-2022-41058.json
@@ -125,7 +125,7 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.22000.819"
+ "version_value": "10.0.22621.819"
 }
 ]
 }
diff --git a/2022/41xxx/CVE-2022-41060.json b/2022/41xxx/CVE-2022-41060.json
index f0b964525f6..4e6ff72bd26 100644
--- a/2022/41xxx/CVE-2022-41060.json
+++ b/2022/41xxx/CVE-2022-41060.json
@@ -54,6 +54,11 @@
 "version_affected": "<",
 "version_name": "16.0.1",
 "version_value": "https://aka.ms/OfficeSecurityReleases"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "19.0.0",
+ "version_value": "https://aka.ms/OfficeSecurityReleases"
 }
 ]
 }
diff --git a/2022/41xxx/CVE-2022-41061.json b/2022/41xxx/CVE-2022-41061.json
index c35ec706f6d..71b3418efa6 100644
--- a/2022/41xxx/CVE-2022-41061.json
+++ b/2022/41xxx/CVE-2022-41061.json
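Review bot: The `version_data` entry added to CVE-2022-41060 puts a URL, `"version_value": "https://aka.ms/OfficeSecurityReleases"`, under `"version_affected": "<"`, so the upper bound of the `19.0.0` range is not a comparable version and automated matching cannot tell whether an installed build is fixed. If the fixed build number is known it belongs in `version_value`, with the URL moved to `references`; until then, consumers should treat the range as having no usable upper bound. The CVE-2022-41063 hunk adds the same entry. Separately, the CVE-2022-41061 hunk adds a `16.0.0` range with the same bound `16.67.22111300` as the existing `16.0.1` entry, so the two ranges overlap almost entirely.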
@@ -131,6 +131,11 @@ "version_affected": "<", "version_name": "16.0.1", "version_value": "16.67.22111300" + }, + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.67.22111300" } ] } diff --git a/2022/41xxx/CVE-2022-41063.json b/2022/41xxx/CVE-2022-41063.json index 206709e6ab9..abe28d68d74 100644 --- a/2022/41xxx/CVE-2022-41063.json +++ b/2022/41xxx/CVE-2022-41063.json @@ -38,6 +38,11 @@ "product_name": "Microsoft Office", "version": { "version_data": [ + { + "version_affected": "<", + "version_name": "19.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + }, { "version_affected": "<", "version_name": "16.0.1", diff --git a/2022/41xxx/CVE-2022-41073.json b/2022/41xxx/CVE-2022-41073.json index 725087c84f5..c79ba0ec87f 100644 --- a/2022/41xxx/CVE-2022-41073.json +++ b/2022/41xxx/CVE-2022-41073.json @@ -125,7 +125,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22000.819" + "version_value": "10.0.22621.819" } ] } diff --git a/2022/41xxx/CVE-2022-41078.json b/2022/41xxx/CVE-2022-41078.json index 57d6139b92b..39b0b5fe55f 100644 --- a/2022/41xxx/CVE-2022-41078.json +++ b/2022/41xxx/CVE-2022-41078.json 
@@ -1,80 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2022-41078", + "ASSIGNER": "secure@microsoft.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Exchange Server 2013", - "version": { - "version_data": [ - { - "version_value": "Cumulative Update 23" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2016 Cumulative Update 22", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2019 Cumulative Update 11", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2019 Cumulative Update 12", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2016 Cumulative Update 23", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } - ] - }, - "vendor_name": "Microsoft" - } - ] - } - }, "description": { "description_data": [ { "lang": "eng", - "value": "Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2022-41079." + "value": "Microsoft Exchange Server Spoofing Vulnerability" } ] }, 
@@ -90,21 +27,96 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Exchange Server 2013 Cumulative Update 23", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.00.0", + "version_value": "15.00.1497.044" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.0.0", + "version_value": "15.01.2375.037" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 11", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.02.0", + "version_value": "15.02.0986.036" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 12", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.02.0", + "version_value": "15.02.1118.020" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2016 Cumulative Update 23", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.01.0", + "version_value": "15.01.2507.016" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41078", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41078", "refsource": "MISC", - "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41078" + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41078" } ] }, "impact": { - "cvss": { - "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", - "baseScore": "8.0", - "temporalScore": "7.0", - "version": "3.1" - } + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8, + "vectorString": 
"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" + } + ] } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41079.json b/2022/41xxx/CVE-2022-41079.json index f6f1f673c34..6542b14e6a8 100644 --- a/2022/41xxx/CVE-2022-41079.json +++ b/2022/41xxx/CVE-2022-41079.json @@ -1,80 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2022-41079", + "ASSIGNER": "secure@microsoft.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Exchange Server 2019 Cumulative Update 12", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2016 Cumulative Update 23", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2016 Cumulative Update 22", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2013", - "version": { - "version_data": [ - { - "version_value": "Cumulative Update 23" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2019 Cumulative Update 11", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } - ] - }, - "vendor_name": "Microsoft" - } - ] - } - }, "description": { "description_data": [ { "lang": "eng", - "value": "Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2022-41078." + "value": "Microsoft Exchange Server Spoofing Vulnerability" } ] }, 
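Review bot: In the rebuilt `affects` block of CVE-2022-41078, the entry that takes the place of "Microsoft Exchange Server 2016 Cumulative Update 22" is named only `"product_name": "Microsoft Exchange Server"` with `"version_name": "15.0.0"` and `"version_value": "15.01.2375.037"`. Read literally, that range covers every Exchange build from 15.0.0 upward, including the 2013 line whose own fixed build in this record is `15.00.1497.044`, so a matcher keyed on product name and range would presumably report patched Exchange 2013 hosts as affected. Keeping the specific name and a `"version_name": "15.01.0"` lower bound, as the 2016 Cumulative Update 23 entry does, avoids that. The version strings are also zero-padded (`15.01`, `.037`), which sorts differently as text than as numeric components. The CVE-2022-41079 and CVE-2022-41080 hunks carry the same entry.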
@@ -90,21 +27,96 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 12", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.02.0", + "version_value": "15.02.1118.020" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2016 Cumulative Update 23", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.01.0", + "version_value": "15.01.2507.016" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.0.0", + "version_value": "15.01.2375.037" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2013 Cumulative Update 23", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.00.0", + "version_value": "15.00.1497.044" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 11", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.02.0", + "version_value": "15.02.0986.036" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41079", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079", "refsource": "MISC", - "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41079" + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079" } ] }, "impact": { - "cvss": { - "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", - "baseScore": "8.0", - "temporalScore": "7.0", - "version": "3.1" - } + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8, + "vectorString": 
"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" + } + ] } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41080.json b/2022/41xxx/CVE-2022-41080.json index 32513fe0cb2..11b503de78b 100644 --- a/2022/41xxx/CVE-2022-41080.json +++ b/2022/41xxx/CVE-2022-41080.json @@ -1,80 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2022-41080", + "ASSIGNER": "secure@microsoft.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Exchange Server 2016 Cumulative Update 23", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2019 Cumulative Update 12", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2013", - "version": { - "version_data": [ - { - "version_value": "Cumulative Update 23" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2019 Cumulative Update 11", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2016 Cumulative Update 22", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } - ] - }, - "vendor_name": "Microsoft" - } - ] - } - }, "description": { "description_data": [ { "lang": "eng", - "value": "Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41123." + "value": "Microsoft Exchange Server Elevation of Privilege Vulnerability" } ] }, 
@@ -90,21 +27,96 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Exchange Server 2016 Cumulative Update 23", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.01.0", + "version_value": "15.01.2507.016" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 12", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.02.0", + "version_value": "15.02.1118.020" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2013 Cumulative Update 23", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.00.0", + "version_value": "15.00.1497.044" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 11", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.02.0", + "version_value": "15.02.0986.036" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.0.0", + "version_value": "15.01.2375.037" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41080", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080", "refsource": "MISC", - "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41080" + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080" } ] }, "impact": { - "cvss": { - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", - "baseScore": "8.8", - "temporalScore": "7.7", - "version": "3.1" - } + "cvss": [ + { + "version": "3.1", + "baseSeverity": "CRITICAL", + "baseScore": 8.8, + "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" + } + ] } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41086.json b/2022/41xxx/CVE-2022-41086.json index 840570b1d68..00de11db297 100644 --- a/2022/41xxx/CVE-2022-41086.json +++ b/2022/41xxx/CVE-2022-41086.json @@ -125,7 +125,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22000.819" + "version_value": "10.0.22621.819" } ] } diff --git a/2022/41xxx/CVE-2022-41088.json b/2022/41xxx/CVE-2022-41088.json index 380e80e1d99..df0b0efa49b 100644 --- a/2022/41xxx/CVE-2022-41088.json +++ b/2022/41xxx/CVE-2022-41088.json @@ -125,7 +125,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22000.819" + "version_value": "10.0.22621.819" } ] } diff --git a/2022/41xxx/CVE-2022-41090.json b/2022/41xxx/CVE-2022-41090.json index 1107d9d51c7..7631564af8b 100644 --- a/2022/41xxx/CVE-2022-41090.json +++ b/2022/41xxx/CVE-2022-41090.json @@ -125,7 +125,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22000.819" + "version_value": "10.0.22621.819" } ] } diff --git a/2022/41xxx/CVE-2022-41091.json b/2022/41xxx/CVE-2022-41091.json index 8d4403f35d5..d02caff46ce 100644 --- a/2022/41xxx/CVE-2022-41091.json +++ b/2022/41xxx/CVE-2022-41091.json @@ -161,7 +161,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22000.819" + "version_value": "10.0.22621.819" } ] } diff --git a/2022/41xxx/CVE-2022-41092.json b/2022/41xxx/CVE-2022-41092.json index 80042f4992e..c9c6359c321 100644 --- a/2022/41xxx/CVE-2022-41092.json +++ b/2022/41xxx/CVE-2022-41092.json @@ -101,7 +101,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22000.819" + "version_value": "10.0.22621.819" } ] } diff --git a/2022/41xxx/CVE-2022-41093.json b/2022/41xxx/CVE-2022-41093.json index d8c5a830695..cdfaaefe471 100644 --- a/2022/41xxx/CVE-2022-41093.json +++ b/2022/41xxx/CVE-2022-41093.json 
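Review bot: In the new `impact.cvss` entry for CVE-2022-41080, `"baseSeverity": "CRITICAL"` does not agree with `"baseScore": 8.8`: on the CVSS v3.1 qualitative scale 8.8 is High, and Critical starts at 9.0. The label may have been taken from the vendor's own severity rating rather than derived from the score; that is an inference, since the neighbouring records (CVE-2022-41079 at 8 and CVE-2022-41123 at 7.8) both carry `HIGH`. Consumers that triage or alert on `baseSeverity` will rank this record differently from consumers that use the score. The line should read `"baseSeverity": "HIGH"`, or the vendor rating should be recorded outside the CVSS object.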
@@ -125,7 +125,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22000.819" + "version_value": "10.0.22621.819" } ] } diff --git a/2022/41xxx/CVE-2022-41095.json b/2022/41xxx/CVE-2022-41095.json index 7a8ea1e79e2..82cfd7e651b 100644 --- a/2022/41xxx/CVE-2022-41095.json +++ b/2022/41xxx/CVE-2022-41095.json @@ -125,7 +125,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22000.819" + "version_value": "10.0.22621.819" } ] } diff --git a/2022/41xxx/CVE-2022-41096.json b/2022/41xxx/CVE-2022-41096.json index 1c9c11fda5d..f3e7d55d024 100644 --- a/2022/41xxx/CVE-2022-41096.json +++ b/2022/41xxx/CVE-2022-41096.json @@ -125,7 +125,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22000.819" + "version_value": "10.0.22621.819" } ] } diff --git a/2022/41xxx/CVE-2022-41097.json b/2022/41xxx/CVE-2022-41097.json index 716fbc8ada6..feaf34455d4 100644 --- a/2022/41xxx/CVE-2022-41097.json +++ b/2022/41xxx/CVE-2022-41097.json @@ -125,7 +125,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22000.819" + "version_value": "10.0.22621.819" } ] } diff --git a/2022/41xxx/CVE-2022-41098.json b/2022/41xxx/CVE-2022-41098.json index 4792f4071c8..115fc695683 100644 --- a/2022/41xxx/CVE-2022-41098.json +++ b/2022/41xxx/CVE-2022-41098.json @@ -125,7 +125,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22000.819" + "version_value": "10.0.22621.819" } ] } diff --git a/2022/41xxx/CVE-2022-41099.json b/2022/41xxx/CVE-2022-41099.json index 9f7e88b631d..f90a9cfbf7d 100644 --- a/2022/41xxx/CVE-2022-41099.json +++ b/2022/41xxx/CVE-2022-41099.json @@ -101,7 +101,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22000.819" + "version_value": "10.0.22621.819" } ] } diff --git a/2022/41xxx/CVE-2022-41100.json b/2022/41xxx/CVE-2022-41100.json index 6b6a4399400..014d64669ee 100644 
--- a/2022/41xxx/CVE-2022-41100.json +++ b/2022/41xxx/CVE-2022-41100.json @@ -125,7 +125,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22000.819" + "version_value": "10.0.22621.819" } ] } diff --git a/2022/41xxx/CVE-2022-41101.json b/2022/41xxx/CVE-2022-41101.json index b74898ed693..82b331c8917 100644 --- a/2022/41xxx/CVE-2022-41101.json +++ b/2022/41xxx/CVE-2022-41101.json @@ -161,7 +161,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22000.819" + "version_value": "10.0.22621.819" } ] } diff --git a/2022/41xxx/CVE-2022-41102.json b/2022/41xxx/CVE-2022-41102.json index 783211d065a..621a3606eb6 100644 --- a/2022/41xxx/CVE-2022-41102.json +++ b/2022/41xxx/CVE-2022-41102.json @@ -161,7 +161,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22000.819" + "version_value": "10.0.22621.819" } ] } diff --git a/2022/41xxx/CVE-2022-41103.json b/2022/41xxx/CVE-2022-41103.json index 414dec64da5..f56ca6a6892 100644 --- a/2022/41xxx/CVE-2022-41103.json +++ b/2022/41xxx/CVE-2022-41103.json @@ -86,6 +86,11 @@ "product_name": "Microsoft Office", "version": { "version_data": [ + { + "version_affected": "<", + "version_name": "19.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + }, { "version_affected": "<", "version_name": "16.0.1", diff --git a/2022/41xxx/CVE-2022-41104.json b/2022/41xxx/CVE-2022-41104.json index 0583b2913bc..043f16b1e62 100644 --- a/2022/41xxx/CVE-2022-41104.json +++ b/2022/41xxx/CVE-2022-41104.json @@ -38,6 +38,11 @@ "product_name": "Microsoft Office", "version": { "version_data": [ + { + "version_affected": "<", + "version_name": "19.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + }, { "version_affected": "<", "version_name": "16.0.1", diff --git a/2022/41xxx/CVE-2022-41105.json b/2022/41xxx/CVE-2022-41105.json index 0fe6b1304bc..168081f84b1 100644 --- a/2022/41xxx/CVE-2022-41105.json +++ b/2022/41xxx/CVE-2022-41105.json 
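Review bot: The `version_data` entry added for Microsoft Office in CVE-2022-41103 puts a URL where a version belongs: a less-than bound whose `version_value` is `https://aka.ms/OfficeSecurityReleases` gives a matcher nothing it can compare against `19.0.0`. The same entry is added in the CVE-2022-41104, -41105, -41106 and -41107 hunks and in CVE-2023-23397, -23398 and -23399 further down, next to an existing `16.0.1` entry of the same shape. Depending on the consumer, a non-version bound is either dropped (the product looks unaffected) or treated as unbounded (every build looks affected). The fixed build belongs in `version_value`, as in the `16.67.22111300` entries of CVE-2022-41107, and the link belongs in `references.reference_data`. The fixed build for the `19.0.0` line is not on this page and has to come from the vendor advisory.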
@@ -38,6 +38,11 @@ "product_name": "Microsoft Office", "version": { "version_data": [ + { + "version_affected": "<", + "version_name": "19.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + }, { "version_affected": "<", "version_name": "16.0.1", diff --git a/2022/41xxx/CVE-2022-41106.json b/2022/41xxx/CVE-2022-41106.json index 09d8873e2e8..0921a8a6eef 100644 --- a/2022/41xxx/CVE-2022-41106.json +++ b/2022/41xxx/CVE-2022-41106.json @@ -38,6 +38,11 @@ "product_name": "Microsoft Office", "version": { "version_data": [ + { + "version_affected": "<", + "version_name": "19.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + }, { "version_affected": "<", "version_name": "16.0.1", diff --git a/2022/41xxx/CVE-2022-41107.json b/2022/41xxx/CVE-2022-41107.json index 1484953ec44..b5186ed52c8 100644 --- a/2022/41xxx/CVE-2022-41107.json +++ b/2022/41xxx/CVE-2022-41107.json @@ -40,8 +40,18 @@ "version_data": [ { "version_affected": "<", - "version_name": "16.0.1", + "version_name": "19.0.0", "version_value": "https://aka.ms/OfficeSecurityReleases" + }, + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.67.22111300" + }, + { + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "16.67.22111300" } ] } diff --git a/2022/41xxx/CVE-2022-41109.json b/2022/41xxx/CVE-2022-41109.json index 12349d35230..40fc766fea8 100644 --- a/2022/41xxx/CVE-2022-41109.json +++ b/2022/41xxx/CVE-2022-41109.json @@ -125,7 +125,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22000.819" + "version_value": "10.0.22621.819" } ] } diff --git a/2022/41xxx/CVE-2022-41114.json b/2022/41xxx/CVE-2022-41114.json index 405ad10cdff..369e924f08d 100644 --- a/2022/41xxx/CVE-2022-41114.json +++ b/2022/41xxx/CVE-2022-41114.json @@ -101,7 +101,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22000.819" + "version_value": "10.0.22621.819" } ] } 
diff --git a/2022/41xxx/CVE-2022-41118.json b/2022/41xxx/CVE-2022-41118.json index 503d948af08..c66cbc7713f 100644 --- a/2022/41xxx/CVE-2022-41118.json +++ b/2022/41xxx/CVE-2022-41118.json @@ -41,7 +41,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22000.819" + "version_value": "10.0.22621.819" } ] } diff --git a/2022/41xxx/CVE-2022-41123.json b/2022/41xxx/CVE-2022-41123.json index cadc70c06f7..1fc1041758f 100644 --- a/2022/41xxx/CVE-2022-41123.json +++ b/2022/41xxx/CVE-2022-41123.json @@ -1,70 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2022-41123", + "ASSIGNER": "secure@microsoft.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Exchange Server 2019 Cumulative Update 12", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2016 Cumulative Update 23", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2019 Cumulative Update 11", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2016 Cumulative Update 22", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } - ] - }, - "vendor_name": "Microsoft" - } - ] - } - }, "description": { "description_data": [ { "lang": "eng", - "value": "Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41080." + "value": "Microsoft Exchange Server Elevation of Privilege Vulnerability" } ] }, 
@@ -80,21 +27,84 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 12", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.02.0", + "version_value": "15.02.1118.020" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2016 Cumulative Update 23", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.01.0", + "version_value": "15.01.2507.016" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 11", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.02.0", + "version_value": "15.02.0986.036" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.0.0", + "version_value": "15.01.2375.037" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41123", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41123", "refsource": "MISC", - "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41123" + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41123" } ] }, "impact": { - "cvss": { - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", - "baseScore": "7.8", - "temporalScore": "6.8", - "version": "3.1" - } + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" + } + ] } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41125.json b/2022/41xxx/CVE-2022-41125.json index 24971ab4b1c..37ca823bdc9 100644 --- a/2022/41xxx/CVE-2022-41125.json 
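Review bot: The last product in the new `affects` block of CVE-2022-41123 is named only `"Microsoft Exchange Server"`, with `"version_name": "15.0.0"` and `"version_value": "15.01.2375.037"`, where the removed block listed "Microsoft Exchange Server 2016 Cumulative Update 22". A matcher keyed on product name and a less-than bound will read this as every Exchange build below 15.01.2375.037, which also takes in the 15.00.x line; that line has its own entry and fixed build (15.00.1497.044) in the CVE-2022-41079 and CVE-2022-41080 hunks above, which carry the same generic entry. Judging from the removed lines, the entry should keep the product name and the branch start used by its siblings: `"product_name": "Microsoft Exchange Server 2016 Cumulative Update 22"`, `"version_name": "15.01.0"`. This is CNA-supplied data, so the correction has to be made in the source record rather than in this synchronized copy.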
+++ b/2022/41xxx/CVE-2022-41125.json @@ -125,7 +125,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22000.819" + "version_value": "10.0.22621.819" } ] } diff --git a/2022/41xxx/CVE-2022-41128.json b/2022/41xxx/CVE-2022-41128.json index dd1ad7f234e..06ca7196a16 100644 --- a/2022/41xxx/CVE-2022-41128.json +++ b/2022/41xxx/CVE-2022-41128.json @@ -125,7 +125,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22000.819" + "version_value": "10.0.22621.819" } ] } diff --git a/2023/20xxx/CVE-2023-20867.json b/2023/20xxx/CVE-2023-20867.json index ee73f7a7c5c..e30dc3022db 100644 --- a/2023/20xxx/CVE-2023-20867.json +++ b/2023/20xxx/CVE-2023-20867.json 
@@ -1,17 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20867", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "VMware", + "product": { + "product_data": [ + { + "product_name": "VMware Tools", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "12.2.5" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html", + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "VMSA-2023-0013", + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 3.9, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": 
"CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/23xxx/CVE-2023-23397.json b/2023/23xxx/CVE-2023-23397.json index 22cd7c27ea2..e306c9bd894 100644 --- a/2023/23xxx/CVE-2023-23397.json +++ b/2023/23xxx/CVE-2023-23397.json @@ -42,6 +42,11 @@ "version_affected": "<", "version_name": "16.0.1", "version_value": "https://aka.ms/OfficeSecurityReleases" + }, + { + "version_affected": "<", + "version_name": "19.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" } ] } diff --git a/2023/23xxx/CVE-2023-23398.json b/2023/23xxx/CVE-2023-23398.json index 3eb99a10eaf..891723af2a7 100644 --- a/2023/23xxx/CVE-2023-23398.json +++ b/2023/23xxx/CVE-2023-23398.json @@ -38,6 +38,11 @@ "product_name": "Microsoft Office", "version": { "version_data": [ + { + "version_affected": "<", + "version_name": "19.0.0", + "version_value": "https://aka.ms/OfficeSecurityReleases" + }, { "version_affected": "<", "version_name": "16.0.1", diff --git a/2023/23xxx/CVE-2023-23399.json b/2023/23xxx/CVE-2023-23399.json index 6d93fb9327f..9a974164036 100644 --- a/2023/23xxx/CVE-2023-23399.json +++ b/2023/23xxx/CVE-2023-23399.json @@ -40,17 +40,22 @@ "version_data": [ { "version_affected": "<", - "version_name": "16.0.1", + "version_name": "19.0.0", "version_value": "https://aka.ms/OfficeSecurityReleases" }, { "version_affected": "<", - "version_name": "16.0.0.0", - "version_value": "16.0.5387.1000" + "version_name": "16.0.0", + "version_value": "16.71.23031200" }, { "version_affected": "<", - "version_name": "15.0.0.0", + "version_name": "16.0.1", + "version_value": "16.71.23031200" + }, + { + "version_affected": "<", + "version_name": "15.0.0", "version_value": "15.0.5537.1000" } ] diff --git a/2023/24xxx/CVE-2023-24880.json b/2023/24xxx/CVE-2023-24880.json index 31403ad141c..d24ac647a6b 100644 --- a/2023/24xxx/CVE-2023-24880.json +++ b/2023/24xxx/CVE-2023-24880.json 
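Review bot: The `affects` block added for CVE-2023-20867 never marks any VMware Tools version as affected: the only entry under `x_cve_json_5_version_data` is `"status": "unaffected"` for `12.2.5`, and `"defaultStatus"` is also `"unaffected"`. The legacy field holds the placeholder `"version_value": "not down converted"`, so a consumer of the 4.0 format gets no usable range either. As published, automated matching will report every VMware Tools install as not vulnerable. If 12.2.5 is the fixed release, which the page suggests but does not state, the record needs `"defaultStatus": "affected"` or an explicit affected range ending at 12.2.5. The referenced advisory VMSA-2023-0013 is the place to confirm that.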
@@ -174,8 +174,8 @@ { "version": "3.1", "baseSeverity": "MEDIUM", - "baseScore": 5.4, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C" + "baseScore": 4.4, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C" } ] } diff --git a/2023/24xxx/CVE-2023-24910.json b/2023/24xxx/CVE-2023-24910.json index 45aa8a57946..1223c83bb1f 100644 --- a/2023/24xxx/CVE-2023-24910.json +++ b/2023/24xxx/CVE-2023-24910.json @@ -223,6 +223,11 @@ "product_name": "Microsoft Office", "version": { "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.71.23031200" + }, { "version_affected": "<", "version_name": "16.0.1", diff --git a/2023/27xxx/CVE-2023-27837.json b/2023/27xxx/CVE-2023-27837.json index 6092e57ae27..74d39b0f4c1 100644 --- a/2023/27xxx/CVE-2023-27837.json +++ b/2023/27xxx/CVE-2023-27837.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-27837", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-27837", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the key parameter in the function sub_ 40A774." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/lzd521/IOT/tree/main/TP-Link%20WPA8630P", + "refsource": "MISC", + "name": "https://github.com/lzd521/IOT/tree/main/TP-Link%20WPA8630P" } ] } diff --git a/2023/28xxx/CVE-2023-28303.json b/2023/28xxx/CVE-2023-28303.json index 2df38c9d33b..d57a47e5e42 100644 --- a/2023/28xxx/CVE-2023-28303.json +++ b/2023/28xxx/CVE-2023-28303.json 
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28303", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Windows Snipping Tool Information Disclosure Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Snipping Tool", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "11.0.0", + "version_value": "11.2302.20.0" + } + ] + } + }, + { + "product_name": "Snip & Sketch", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "9.0", + "version_value": "10.2008.3001.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28303", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28303" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "LOW", + "baseScore": 3.3, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C" } ] } diff --git a/2023/28xxx/CVE-2023-28598.json b/2023/28xxx/CVE-2023-28598.json index 366c750c029..d1bee2cc224 100644 --- a/2023/28xxx/CVE-2023-28598.json +++ b/2023/28xxx/CVE-2023-28598.json 
@@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28598", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@zoom.us", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts a chat with a malicious user it could result in a Zoom application crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HTML Injection" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zoom", + "product": { + "product_data": [ + { + "product_name": "Zoom for Linux clients", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.13.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "refsource": "MISC", + "name": "https://explore.zoom.us/en/trust/security/security-bulletin/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } 
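Review bot: In the `affects` block for CVE-2023-28598 the version entry contradicts the description: the text says clients "prior to 5.13.10" are vulnerable, but the entry is `"version_affected": "="` with `"version_value": "5.13.10"`, which flags exactly the fixed release and nothing older. The five product entries added for CVE-2023-28599 in the next file repeat this. A scanner that trusts the structured data would clear vulnerable clients and flag patched ones. The entries should express a less-than bound on the same `version_value`, as the Microsoft records in this commit do.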
diff --git a/2023/28xxx/CVE-2023-28599.json b/2023/28xxx/CVE-2023-28599.json index c87e4224242..7e60cb16b2c 100644 --- a/2023/28xxx/CVE-2023-28599.json +++ b/2023/28xxx/CVE-2023-28599.json 
@@ -1,17 +1,130 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28599", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@zoom.us", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display name potentially leading a victim to a malicious website during meeting creation.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HTML Injection" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zoom", + "product": { + "product_data": [ + { + "product_name": "Zoom for Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.13.10" + } + ] + } + }, + { + "product_name": "Zoom for iOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.13.10" + } + ] + } + }, + { + "product_name": "Zoom for Linux", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.13.10" + } + ] + } + }, + { + "product_name": "Zoom for macOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.13.10" + } + ] + } + }, + { + "product_name": "Zoom for Windows", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.13.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "refsource": "MISC", + "name": 
"https://explore.zoom.us/en/trust/security/security-bulletin/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/30xxx/CVE-2023-30179.json b/2023/30xxx/CVE-2023-30179.json index 82a43aeef65..2bd1387ca57 100644 --- a/2023/30xxx/CVE-2023-30179.json +++ b/2023/30xxx/CVE-2023-30179.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-30179", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-30179", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject Twig Template to User Photo Location field when setting User Photo Location in User Settings, lead to Remote Code Execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#442---2023-03-14", + "refsource": "MISC", + "name": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#442---2023-03-14" + }, + { + "refsource": "MISC", + "name": "https://datnlq.gitbook.io/cve/craft-cms/cve-2023-30179-server-side-template-injection", + "url": "https://datnlq.gitbook.io/cve/craft-cms/cve-2023-30179-server-side-template-injection" } ] } diff --git a/2023/31xxx/CVE-2023-31242.json b/2023/31xxx/CVE-2023-31242.json new file mode 100644 index 00000000000..5bcdd71db9d --- /dev/null +++ b/2023/31xxx/CVE-2023-31242.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-31242", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/31xxx/CVE-2023-31437.json b/2023/31xxx/CVE-2023-31437.json index 80492a62f87..4aaa8522163 100644 --- a/2023/31xxx/CVE-2023-31437.json +++ b/2023/31xxx/CVE-2023-31437.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-31437", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-31437", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/systemd/systemd/releases", + "refsource": "MISC", + "name": "https://github.com/systemd/systemd/releases" + }, + { + "refsource": "MISC", + "name": "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "url": "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf" + }, + { + "refsource": "MISC", + "name": "https://github.com/kastel-security/Journald", + "url": "https://github.com/kastel-security/Journald" } ] } diff --git a/2023/31xxx/CVE-2023-31438.json b/2023/31xxx/CVE-2023-31438.json index a2b32d345d5..6e2cb6127f6 100644 --- a/2023/31xxx/CVE-2023-31438.json +++ b/2023/31xxx/CVE-2023-31438.json 
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-31438",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-31438",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/systemd/systemd/releases",
+ "refsource": "MISC",
+ "name": "https://github.com/systemd/systemd/releases"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf",
+ "url": "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/kastel-security/Journald",
+ "url": "https://github.com/kastel-security/Journald"
 }
 ]
 }
diff --git a/2023/31xxx/CVE-2023-31439.json b/2023/31xxx/CVE-2023-31439.json
index 9220aff9f9f..0e5c42085e2 100644
--- a/2023/31xxx/CVE-2023-31439.json
+++ b/2023/31xxx/CVE-2023-31439.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-31439",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-31439",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/systemd/systemd/releases",
+ "refsource": "MISC",
+ "name": "https://github.com/systemd/systemd/releases"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf",
+ "url": "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/kastel-security/Journald",
+ "url": "https://github.com/kastel-security/Journald"
 }
 ]
 }
diff --git a/2023/31xxx/CVE-2023-31541.json b/2023/31xxx/CVE-2023-31541.json
index 99cb92ca127..3710d2011c0 100644
--- a/2023/31xxx/CVE-2023-31541.json
+++ b/2023/31xxx/CVE-2023-31541.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-31541",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-31541",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A unrestricted file upload vulnerability was discovered in the \u2018Browse and upload images\u2019 feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://redmine.com",
+ "refsource": "MISC",
+ "name": "http://redmine.com"
+ },
+ {
+ "url": "http://redmineckeditor.com",
+ "refsource": "MISC",
+ "name": "http://redmineckeditor.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/DreamD2v/CVE-2023-31541/blob/main/CVE-2023-31541.md",
+ "url": "https://github.com/DreamD2v/CVE-2023-31541/blob/main/CVE-2023-31541.md"
 }
 ]
 }
diff --git a/2023/33xxx/CVE-2023-33620.json b/2023/33xxx/CVE-2023-33620.json
index e2d7e1dd8a6..4a608883b42 100644
--- a/2023/33xxx/CVE-2023-33620.json
+++ b/2023/33xxx/CVE-2023-33620.json
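Review bot: Two of the three references added to CVE-2023-31541.json, `http://redmine.com` and `http://redmineckeditor.com`, are bare plain-HTTP domains that do not look like the project pages for Redmine or its CKEditor plugin (Redmine's own site is redmine.org). They read as if derived from the product name rather than verified. Readers and link-following tools treat `reference_data` as vetted, so a domain the vendor may not control is a risk in its own right. I would drop both, or replace them with the confirmed project URLs, and keep the GitHub write-up as the reference. The CVE-2023-33620 hunk shows the same pattern with `http://glinet.com` and `http://gl-ar750s-ext.com`.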
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-33620",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-33620",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://glinet.com",
+ "refsource": "MISC",
+ "name": "http://glinet.com"
+ },
+ {
+ "url": "http://gl-ar750s-ext.com",
+ "refsource": "MISC",
+ "name": "http://gl-ar750s-ext.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://justinapplegate.me/2023/glinet-CVE-2023-33620/",
+ "url": "https://justinapplegate.me/2023/glinet-CVE-2023-33620/"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34247.json b/2023/34xxx/CVE-2023-34247.json
index fc8f00d5a43..8b11669dad7 100644
--- a/2023/34xxx/CVE-2023-34247.json
+++ b/2023/34xxx/CVE-2023-34247.json
@@ -1,17 +1,90 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-34247",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Keystone is a content management system for Node.JS. There is an open redirect in the `@keystone-6/auth` package versions 7.0.0 and prior, where the redirect leading `/` filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be used by attackers to re-direct users to an unexpected location. To mitigate this issue, one may apply a patch from pull request 8626 or avoid using the `@keystone-6/auth` package."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')",
+ "cweId": "CWE-601"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "keystonejs",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "keystone",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "<= 7.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/keystonejs/keystone/security/advisories/GHSA-jqxr-vjvv-899m",
+ "refsource": "MISC",
+ "name": "https://github.com/keystonejs/keystone/security/advisories/GHSA-jqxr-vjvv-899m"
+ },
+ {
+ "url": "https://github.com/keystonejs/keystone/pull/8626",
+ "refsource": "MISC",
+ "name": "https://github.com/keystonejs/keystone/pull/8626"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-jqxr-vjvv-899m",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34249.json b/2023/34xxx/CVE-2023-34249.json
index ba1d2420d61..57fb9dead0b 100644
--- a/2023/34xxx/CVE-2023-34249.json
+++ b/2023/34xxx/CVE-2023-34249.json
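Review bot: In CVE-2023-34247.json the added `version_data` entry pairs `"version_affected": "="` with `"version_value": "<= 7.0.0"`, so the comparison operator is stated twice and the two disagree. A consumer that honours `version_affected` will look for a release literally named `<= 7.0.0` and match nothing, which hides the record from version-based scanning. Prefer `"version_affected": "<="` with `"version_value": "7.0.0"`. The product is also recorded as `keystone` while the description scopes the flaw to the `@keystone-6/auth` package, which is worth making explicit. The CVE-2023-34249 hunk repeats the operator problem with `"< dcaeccd37198ecd3e41ea766d1099354b60d69c2"`, where a commit hash cannot be range-compared at all.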
@@ -1,17 +1,90 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-34249",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd37198ecd3e41ea766d1099354b60d69c2, benjjvi/PyBB is vulnerable to SQL Injection. This vulnerability has been fixed as of commit dcaeccd37198ecd3e41ea766d1099354b60d69c2. As a workaround, a user may be able to update the software manually to avoid this problem by sanitizing user queries to `BulletinDatabaseModule.py`."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "benjjvi",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PyBB",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< dcaeccd37198ecd3e41ea766d1099354b60d69c2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/benjjvi/PyBB/security/advisories/GHSA-5qrx-fgxq-95gg",
+ "refsource": "MISC",
+ "name": "https://github.com/benjjvi/PyBB/security/advisories/GHSA-5qrx-fgxq-95gg"
+ },
+ {
+ "url": "https://github.com/benjjvi/PyBB/commit/dcaeccd37198ecd3e41ea766d1099354b60d69c2",
+ "refsource": "MISC",
+ "name": "https://github.com/benjjvi/PyBB/commit/dcaeccd37198ecd3e41ea766d1099354b60d69c2"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-5qrx-fgxq-95gg",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34998.json b/2023/34xxx/CVE-2023-34998.json
new file mode 100644
index 00000000000..69d604da85e
--- /dev/null
+++ b/2023/34xxx/CVE-2023-34998.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-34998",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/3xxx/CVE-2023-3224.json b/2023/3xxx/CVE-2023-3224.json
new file mode 100644
index 00000000000..d0eec667cc5
--- /dev/null
+++ b/2023/3xxx/CVE-2023-3224.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-3224",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file