admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-06-01 01:00:39 +00:00
parent a918beb37d
commit f480277eea
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
15 changed files with 804 additions and 421 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2022/21xxx/CVE-2022-21979.json
View File

@ -1,80 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-21979",
"ASSIGNER": "secure@microsoft.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 11",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2013",
"version": {
"version_data": [
{
"version_value": "Cumulative Update 23"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 22",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 12",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 23",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Exchange Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30134, CVE-2022-34692."
"value": "Microsoft Exchange Server Information Disclosure Vulnerability"
}
]
},
@ -90,21 +27,96 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft",
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 11",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.02.0",
"version_value": "15.02.0986.030"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2013 Cumulative Update 23",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.00.0",
"version_value": "15.00.1497.042"
}
]
}
},
{
"product_name": "Microsoft Exchange Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.0.0",
"version_value": "15.01.2375.032"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 12",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.02.0",
"version_value": "15.02.1118.015"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 23",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.01.0",
"version_value": "15.01.2507.013"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21979",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21979",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21979"
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21979"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"baseScore": "4.8",
"temporalScore": "4.2",
"version": "3.1"
}
"cvss": [
{
"version": "3.1",
"baseSeverity": "HIGH",
"baseScore": 4.8,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C"
}
]
}
}

160
2022/21xxx/CVE-2022-21980.json
View File

@ -1,80 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-21980",
"ASSIGNER": "secure@microsoft.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server 2013",
"version": {
"version_data": [
{
"version_value": "Cumulative Update 23"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 11",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 22",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 12",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 23",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24477, CVE-2022-24516."
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
]
},
@ -90,21 +27,96 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft",
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server 2013 Cumulative Update 23",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.00.0",
"version_value": "15.00.1497.042"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 11",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.02.0",
"version_value": "15.02.0986.030"
}
]
}
},
{
"product_name": "Microsoft Exchange Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.0.0",
"version_value": "15.01.2375.032"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 12",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.02.0",
"version_value": "15.02.1118.015"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 23",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.01.0",
"version_value": "15.01.2507.013"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21980",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21980",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21980"
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21980"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"baseScore": "8.0",
"temporalScore": "7.0",
"version": "3.1"
}
"cvss": [
{
"version": "3.1",
"baseSeverity": "CRITICAL",
"baseScore": 8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"
}
]
}
}

160
2022/24xxx/CVE-2022-24477.json
View File

@ -1,80 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-24477",
"ASSIGNER": "secure@microsoft.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server 2013",
"version": {
"version_data": [
{
"version_value": "Cumulative Update 23"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 22",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 11",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 12",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 23",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21980, CVE-2022-24516."
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
]
},
@ -90,21 +27,96 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft",
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server 2013 Cumulative Update 23",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.00.0",
"version_value": "15.00.1497.042"
}
]
}
},
{
"product_name": "Microsoft Exchange Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.0.0",
"version_value": "15.01.2375.032"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 11",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.02.0",
"version_value": "15.02.0986.030"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 12",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.02.0",
"version_value": "15.02.1118.015"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 23",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.01.0",
"version_value": "15.01.2507.013"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24477",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24477",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24477"
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24477"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"baseScore": "8.0",
"temporalScore": "7.0",
"version": "3.1"
}
"cvss": [
{
"version": "3.1",
"baseSeverity": "CRITICAL",
"baseScore": 8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"
}
]
}
}

160
2022/24xxx/CVE-2022-24516.json
View File

@ -1,80 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-24516",
"ASSIGNER": "secure@microsoft.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 22",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 11",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2013",
"version": {
"version_data": [
{
"version_value": "Cumulative Update 23"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 12",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 23",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21980, CVE-2022-24477."
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
]
},
@ -90,21 +27,96 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft",
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.0.0",
"version_value": "15.01.2375.032"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 11",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.02.0",
"version_value": "15.02.0986.030"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2013 Cumulative Update 23",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.00.0",
"version_value": "15.00.1497.042"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 12",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.02.0",
"version_value": "15.02.1118.015"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 23",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.01.0",
"version_value": "15.01.2507.013"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24516",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24516",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24516"
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24516"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"baseScore": "8.0",
"temporalScore": "7.0",
"version": "3.1"
}
"cvss": [
{
"version": "3.1",
"baseSeverity": "CRITICAL",
"baseScore": 8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"
}
]
}
}

72
2022/34xxx/CVE-2022-34685.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-34685",
"ASSIGNER": "secure@microsoft.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Azure Real Time Operating System GUIX Studio",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Azure RTOS GUIX Studio Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34686."
"value": "Azure RTOS GUIX Studio Information Disclosure Vulnerability"
}
]
},
@ -50,21 +27,48 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft",
"product": {
"product_data": [
{
"product_name": "Azure Real Time Operating System GUIX",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.0.0.0",
"version_value": "6.1.12.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34685",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34685",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34685"
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34685"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"baseScore": "5.5",
"temporalScore": "5.0",
"version": "3.1"
}
"cvss": [
{
"version": "3.1",
"baseSeverity": "HIGH",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C"
}
]
}
}

72
2022/34xxx/CVE-2022-34686.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-34686",
"ASSIGNER": "secure@microsoft.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Azure Real Time Operating System GUIX Studio",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Azure RTOS GUIX Studio Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34685."
"value": "Azure RTOS GUIX Studio Information Disclosure Vulnerability"
}
]
},
@ -50,21 +27,48 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft",
"product": {
"product_data": [
{
"product_name": "Azure Real Time Operating System GUIX",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.0.0.0",
"version_value": "6.1.12.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34686",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34686",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34686"
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34686"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"baseScore": "5.5",
"temporalScore": "5.0",
"version": "3.1"
}
"cvss": [
{
"version": "3.1",
"baseSeverity": "HIGH",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C"
}
]
}
}

72
2022/35xxx/CVE-2022-35824.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-35824",
"ASSIGNER": "secure@microsoft.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Azure Site Recovery VMWare to Azure",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35772."
"value": "Azure Site Recovery Remote Code Execution Vulnerability"
}
]
},
@ -50,21 +27,48 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft",
"product": {
"product_data": [
{
"product_name": "Azure Site Recovery VMWare to Azure",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.50"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35824",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35824",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35824"
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35824"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"baseScore": "7.2",
"temporalScore": "6.3",
"version": "3.1"
}
"cvss": [
{
"version": "3.1",
"baseSeverity": "HIGH",
"baseScore": 7.2,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"
}
]
}
}

50
2023/23xxx/CVE-2023-23952.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-23952",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@symantec.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Advanced Secure Gateway, Content Analysis",
"version": {
"version_data": [
{
"version_value": "7.3.13.1, 3.1.6.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability."
}
]
}

50
2023/23xxx/CVE-2023-23953.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-23953",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@symantec.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Advanced Secure Gateway, Content Analysis",
"version": {
"version_data": [
{
"version_value": "7.3.13.1, 3.1.6.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability."
}
]
}

50
2023/23xxx/CVE-2023-23954.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-23954",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@symantec.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Advanced Secure Gateway, Content Analysis",
"version": {
"version_data": [
{
"version_value": "7.3.13.1, 3.1.6..0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability."
}
]
}

50
2023/23xxx/CVE-2023-23955.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-23955",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@symantec.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Advanced Secure Gateway, Content Analysis",
"version": {
"version_data": [
{
"version_value": "7.3.13.1, 3.1.6..0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability."
}
]
}

50
2023/2xxx/CVE-2023-2598.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2598",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Kernel",
"version": {
"version_data": [
{
"version_value": "Kernel prior to 6.4-rc1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2023/05/08/3",
"url": "https://www.openwall.com/lists/oss-security/2023/05/08/3"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation."
}
]
}

65
2023/2xxx/CVE-2023-2977.json
View File

@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2977",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenSC",
"version": {
"version_data": [
{
"version_value": "opensc-0.23.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-2977",
"url": "https://access.redhat.com/security/cve/CVE-2023-2977"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2211088",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211088"
},
{
"refsource": "MISC",
"name": "https://github.com/OpenSC/OpenSC/issues/2785",
"url": "https://github.com/OpenSC/OpenSC/issues/2785"
},
{
"refsource": "MISC",
"name": "https://github.com/OpenSC/OpenSC/pull/2787",
"url": "https://github.com/OpenSC/OpenSC/pull/2787"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible."
}
]
}

50
2023/2xxx/CVE-2023-2985.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2985",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Kernel",
"version": {
"version_data": [
{
"version_value": "Kernel version prior to l 6.3-rc1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=07db5e247ab5858439b14dd7cc1fe538b9efcf32",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=07db5e247ab5858439b14dd7cc1fe538b9efcf32"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem."
}
]
}

4
2023/32xxx/CVE-2023-32349.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nVersions 00.07.00 through 00.07.03.4 of Teltonika\u2019s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution.\n\n"
"value": "\nVersion 00.07.03.4 and prior of Teltonika\u2019s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution.\n\n"
}
]
},
@ -41,7 +41,7 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "00.07.00",
"version_name": "0",
"version_value": "00.07.03.4"
}
]