From f480277eea434fbe224392a3699bcaf8f4f3aea4 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 1 Jun 2023 01:00:39 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/21xxx/CVE-2022-21979.json | 160 ++++++++++++++++++--------------- 2022/21xxx/CVE-2022-21980.json | 160 ++++++++++++++++++--------------- 2022/24xxx/CVE-2022-24477.json | 160 ++++++++++++++++++--------------- 2022/24xxx/CVE-2022-24516.json | 160 ++++++++++++++++++--------------- 2022/34xxx/CVE-2022-34685.json | 72 ++++++++------- 2022/34xxx/CVE-2022-34686.json | 72 ++++++++------- 2022/35xxx/CVE-2022-35824.json | 72 ++++++++------- 2023/23xxx/CVE-2023-23952.json | 50 ++++++++++- 2023/23xxx/CVE-2023-23953.json | 50 ++++++++++- 2023/23xxx/CVE-2023-23954.json | 50 ++++++++++- 2023/23xxx/CVE-2023-23955.json | 50 ++++++++++- 2023/2xxx/CVE-2023-2598.json | 50 ++++++++++- 2023/2xxx/CVE-2023-2977.json | 65 +++++++++++++- 2023/2xxx/CVE-2023-2985.json | 50 ++++++++++- 2023/32xxx/CVE-2023-32349.json | 4 +- 15 files changed, 804 insertions(+), 421 deletions(-) diff --git a/2022/21xxx/CVE-2022-21979.json b/2022/21xxx/CVE-2022-21979.json index 293d93c26ce..bb664eff251 100644 --- a/2022/21xxx/CVE-2022-21979.json +++ b/2022/21xxx/CVE-2022-21979.json @@ -1,80 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2022-21979", + "ASSIGNER": "secure@microsoft.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Exchange Server 2019 Cumulative Update 11", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2013", - "version": { - "version_data": [ - { - "version_value": "Cumulative Update 23" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2016 Cumulative Update 22", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2019 Cumulative Update 12", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2016 Cumulative Update 23", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } - ] - }, - "vendor_name": "Microsoft" - } - ] - } - }, "description": { "description_data": [ { "lang": "eng", - "value": "Microsoft Exchange Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30134, CVE-2022-34692." + "value": "Microsoft Exchange Server Information Disclosure Vulnerability" } ] }, @@ -90,21 +27,96 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 11", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.02.0", + "version_value": "15.02.0986.030" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2013 Cumulative Update 23", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.00.0", + "version_value": "15.00.1497.042" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.0.0", + "version_value": "15.01.2375.032" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 12", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.02.0", + "version_value": "15.02.1118.015" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2016 Cumulative Update 23", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.01.0", + "version_value": "15.01.2507.013" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21979", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21979", "refsource": "MISC", - "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21979" + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21979" } ] }, "impact": { - "cvss": { - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", - "baseScore": "4.8", - "temporalScore": "4.2", - "version": "3.1" - } + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 4.8, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C" + } + ] } } \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21980.json b/2022/21xxx/CVE-2022-21980.json index 73d9dbbfc53..0a1c63cac8c 100644 --- a/2022/21xxx/CVE-2022-21980.json +++ b/2022/21xxx/CVE-2022-21980.json @@ -1,80 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2022-21980", + "ASSIGNER": "secure@microsoft.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Exchange Server 2013", - "version": { - "version_data": [ - { - "version_value": "Cumulative Update 23" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2019 Cumulative Update 11", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2016 Cumulative Update 22", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2019 Cumulative Update 12", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2016 Cumulative Update 23", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } - ] - }, - "vendor_name": "Microsoft" - } - ] - } - }, "description": { "description_data": [ { "lang": "eng", - "value": "Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24477, CVE-2022-24516." + "value": "Microsoft Exchange Server Elevation of Privilege Vulnerability" } ] }, @@ -90,21 +27,96 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Exchange Server 2013 Cumulative Update 23", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.00.0", + "version_value": "15.00.1497.042" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 11", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.02.0", + "version_value": "15.02.0986.030" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.0.0", + "version_value": "15.01.2375.032" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 12", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.02.0", + "version_value": "15.02.1118.015" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2016 Cumulative Update 23", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.01.0", + "version_value": "15.01.2507.013" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21980", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21980", "refsource": "MISC", - "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21980" + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21980" } ] }, "impact": { - "cvss": { - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", - "baseScore": "8.0", - "temporalScore": "7.0", - "version": "3.1" - } + "cvss": [ + { + "version": "3.1", + "baseSeverity": "CRITICAL", + "baseScore": 8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" + } + ] } } \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24477.json b/2022/24xxx/CVE-2022-24477.json index a2ea4ce5beb..1f7d0cfacf8 100644 --- a/2022/24xxx/CVE-2022-24477.json +++ b/2022/24xxx/CVE-2022-24477.json @@ -1,80 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2022-24477", + "ASSIGNER": "secure@microsoft.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Exchange Server 2013", - "version": { - "version_data": [ - { - "version_value": "Cumulative Update 23" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2016 Cumulative Update 22", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2019 Cumulative Update 11", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2019 Cumulative Update 12", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2016 Cumulative Update 23", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } - ] - }, - "vendor_name": "Microsoft" - } - ] - } - }, "description": { "description_data": [ { "lang": "eng", - "value": "Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21980, CVE-2022-24516." + "value": "Microsoft Exchange Server Elevation of Privilege Vulnerability" } ] }, @@ -90,21 +27,96 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Exchange Server 2013 Cumulative Update 23", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.00.0", + "version_value": "15.00.1497.042" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.0.0", + "version_value": "15.01.2375.032" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 11", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.02.0", + "version_value": "15.02.0986.030" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 12", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.02.0", + "version_value": "15.02.1118.015" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2016 Cumulative Update 23", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.01.0", + "version_value": "15.01.2507.013" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24477", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24477", "refsource": "MISC", - "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24477" + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24477" } ] }, "impact": { - "cvss": { - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", - "baseScore": "8.0", - "temporalScore": "7.0", - "version": "3.1" - } + "cvss": [ + { + "version": "3.1", + "baseSeverity": "CRITICAL", + "baseScore": 8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" + } + ] } } \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24516.json b/2022/24xxx/CVE-2022-24516.json index 3db7a92f598..41712837fe6 100644 --- a/2022/24xxx/CVE-2022-24516.json +++ b/2022/24xxx/CVE-2022-24516.json @@ -1,80 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2022-24516", + "ASSIGNER": "secure@microsoft.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Exchange Server 2016 Cumulative Update 22", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2019 Cumulative Update 11", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2013", - "version": { - "version_data": [ - { - "version_value": "Cumulative Update 23" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2019 Cumulative Update 12", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2016 Cumulative Update 23", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } - ] - }, - "vendor_name": "Microsoft" - } - ] - } - }, "description": { "description_data": [ { "lang": "eng", - "value": "Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21980, CVE-2022-24477." + "value": "Microsoft Exchange Server Elevation of Privilege Vulnerability" } ] }, @@ -90,21 +27,96 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Exchange Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.0.0", + "version_value": "15.01.2375.032" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 11", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.02.0", + "version_value": "15.02.0986.030" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2013 Cumulative Update 23", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.00.0", + "version_value": "15.00.1497.042" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 12", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.02.0", + "version_value": "15.02.1118.015" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2016 Cumulative Update 23", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.01.0", + "version_value": "15.01.2507.013" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24516", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24516", "refsource": "MISC", - "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24516" + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24516" } ] }, "impact": { - "cvss": { - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", - "baseScore": "8.0", - "temporalScore": "7.0", - "version": "3.1" - } + "cvss": [ + { + "version": "3.1", + "baseSeverity": "CRITICAL", + "baseScore": 8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" + } + ] } } \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34685.json b/2022/34xxx/CVE-2022-34685.json index a6c40b432a5..c61f4d126c4 100644 --- a/2022/34xxx/CVE-2022-34685.json +++ b/2022/34xxx/CVE-2022-34685.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2022-34685", + "ASSIGNER": "secure@microsoft.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Azure Real Time Operating System GUIX Studio", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } - ] - }, - "vendor_name": "Microsoft" - } - ] - } - }, "description": { "description_data": [ { "lang": "eng", - "value": "Azure RTOS GUIX Studio Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34686." + "value": "Azure RTOS GUIX Studio Information Disclosure Vulnerability" } ] }, @@ -50,21 +27,48 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Azure Real Time Operating System GUIX", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.0.0", + "version_value": "6.1.12.0" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34685", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34685", "refsource": "MISC", - "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34685" + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34685" } ] }, "impact": { - "cvss": { - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", - "baseScore": "5.5", - "temporalScore": "5.0", - "version": "3.1" - } + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C" + } + ] } } \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34686.json b/2022/34xxx/CVE-2022-34686.json index 4ba1129b81f..3af8caf6a22 100644 --- a/2022/34xxx/CVE-2022-34686.json +++ b/2022/34xxx/CVE-2022-34686.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2022-34686", + "ASSIGNER": "secure@microsoft.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Azure Real Time Operating System GUIX Studio", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } - ] - }, - "vendor_name": "Microsoft" - } - ] - } - }, "description": { "description_data": [ { "lang": "eng", - "value": "Azure RTOS GUIX Studio Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34685." + "value": "Azure RTOS GUIX Studio Information Disclosure Vulnerability" } ] }, @@ -50,21 +27,48 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Azure Real Time Operating System GUIX", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.0.0", + "version_value": "6.1.12.0" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34686", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34686", "refsource": "MISC", - "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34686" + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34686" } ] }, "impact": { - "cvss": { - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", - "baseScore": "5.5", - "temporalScore": "5.0", - "version": "3.1" - } + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C" + } + ] } } \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35824.json b/2022/35xxx/CVE-2022-35824.json index ae79474b942..50b6262c943 100644 --- a/2022/35xxx/CVE-2022-35824.json +++ b/2022/35xxx/CVE-2022-35824.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2022-35824", + "ASSIGNER": "secure@microsoft.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Azure Site Recovery VMWare to Azure", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } - ] - }, - "vendor_name": "Microsoft" - } - ] - } - }, "description": { "description_data": [ { "lang": "eng", - "value": "Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35772." + "value": "Azure Site Recovery Remote Code Execution Vulnerability" } ] }, @@ -50,21 +27,48 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Azure Site Recovery VMWare to Azure", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "9.0", + "version_value": "9.50" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35824", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35824", "refsource": "MISC", - "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35824" + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35824" } ] }, "impact": { - "cvss": { - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", - "baseScore": "7.2", - "temporalScore": "6.3", - "version": "3.1" - } + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.2, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" + } + ] } } \ No newline at end of file diff --git a/2023/23xxx/CVE-2023-23952.json b/2023/23xxx/CVE-2023-23952.json index 3e0932a90ab..2abcf9a5082 100644 --- a/2023/23xxx/CVE-2023-23952.json +++ b/2023/23xxx/CVE-2023-23952.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-23952", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Advanced Secure Gateway, Content Analysis", + "version": { + "version_data": [ + { + "version_value": "7.3.13.1, 3.1.6.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217", + "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability." } ] } diff --git a/2023/23xxx/CVE-2023-23953.json b/2023/23xxx/CVE-2023-23953.json index e1cd3c6be42..4892221c14e 100644 --- a/2023/23xxx/CVE-2023-23953.json +++ b/2023/23xxx/CVE-2023-23953.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-23953", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Advanced Secure Gateway, Content Analysis", + "version": { + "version_data": [ + { + "version_value": "7.3.13.1, 3.1.6.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217", + "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability." } ] } diff --git a/2023/23xxx/CVE-2023-23954.json b/2023/23xxx/CVE-2023-23954.json index 4b081022599..55ad650e4cc 100644 --- a/2023/23xxx/CVE-2023-23954.json +++ b/2023/23xxx/CVE-2023-23954.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-23954", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Advanced Secure Gateway, Content Analysis", + "version": { + "version_data": [ + { + "version_value": "7.3.13.1, 3.1.6..0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stored Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217", + "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability." } ] } diff --git a/2023/23xxx/CVE-2023-23955.json b/2023/23xxx/CVE-2023-23955.json index 88010192533..9657fa54d54 100644 --- a/2023/23xxx/CVE-2023-23955.json +++ b/2023/23xxx/CVE-2023-23955.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-23955", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Advanced Secure Gateway, Content Analysis", + "version": { + "version_data": [ + { + "version_value": "7.3.13.1, 3.1.6..0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Server-Side Request Forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217", + "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability." } ] } diff --git a/2023/2xxx/CVE-2023-2598.json b/2023/2xxx/CVE-2023-2598.json index f4449fb814e..1abbbb2d3ce 100644 --- a/2023/2xxx/CVE-2023-2598.json +++ b/2023/2xxx/CVE-2023-2598.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2598", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "Kernel prior to 6.4-rc1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2023/05/08/3", + "url": "https://www.openwall.com/lists/oss-security/2023/05/08/3" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation." } ] } diff --git a/2023/2xxx/CVE-2023-2977.json b/2023/2xxx/CVE-2023-2977.json index d5fa0cb68e5..906a159da0f 100644 --- a/2023/2xxx/CVE-2023-2977.json +++ b/2023/2xxx/CVE-2023-2977.json @@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2977", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "OpenSC", + "version": { + "version_data": [ + { + "version_value": "opensc-0.23.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-2977", + "url": "https://access.redhat.com/security/cve/CVE-2023-2977" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2211088", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211088" + }, + { + "refsource": "MISC", + "name": "https://github.com/OpenSC/OpenSC/issues/2785", + "url": "https://github.com/OpenSC/OpenSC/issues/2785" + }, + { + "refsource": "MISC", + "name": "https://github.com/OpenSC/OpenSC/pull/2787", + "url": "https://github.com/OpenSC/OpenSC/pull/2787" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible." } ] } diff --git a/2023/2xxx/CVE-2023-2985.json b/2023/2xxx/CVE-2023-2985.json index eeebab7f55d..824dc0263b1 100644 --- a/2023/2xxx/CVE-2023-2985.json +++ b/2023/2xxx/CVE-2023-2985.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2985", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "Kernel version prior to l 6.3-rc1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=07db5e247ab5858439b14dd7cc1fe538b9efcf32", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=07db5e247ab5858439b14dd7cc1fe538b9efcf32" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem." } ] } diff --git a/2023/32xxx/CVE-2023-32349.json b/2023/32xxx/CVE-2023-32349.json index 8201d76b02f..c3960b1e118 100644 --- a/2023/32xxx/CVE-2023-32349.json +++ b/2023/32xxx/CVE-2023-32349.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "\nVersions 00.07.00 through 00.07.03.4 of Teltonika\u2019s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution.\n\n" + "value": "\nVersion 00.07.03.4 and prior of Teltonika\u2019s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution.\n\n" } ] }, @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "<=", - "version_name": "00.07.00", + "version_name": "0", "version_value": "00.07.03.4" } ]