admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-08-08T20:00:34.994278+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-08-08 20:00:39 +00:00
parent 4cab7a9e68
commit 8d1aafa7a8
147 changed files with 7249 additions and 272 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
CVE-2022/CVE-2022-21xx/CVE-2022-2127.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-2127",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-20T15:15:11.183",
"lastModified": "2023-08-05T03:15:09.337",
"vulnStatus": "Modified",
"lastModified": "2023-08-08T19:11:14.720",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,19 +17,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{
@ -134,6 +134,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
@ -170,11 +175,17 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230731-0010/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.samba.org/samba/security/CVE-2022-2127.html",

71
CVE-2022/CVE-2022-344xx/CVE-2022-34453.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34453",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-08-03T13:15:09.490",
"lastModified": "2023-08-03T15:37:04.917",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-08T19:14:25.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +76,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:xtremio_x2_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.1-11",
"matchCriteriaId": "6DFE6F58-E6B9-4545-B049-B169A1DEF6F6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:xtremio_x2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31A977D9-77DA-4FF3-9963-1F93B09961D1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000204809/dsa-2022-290-dell-xtremio-x2-security-advisory-for-xms-gui?lang=en",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

84
CVE-2023/CVE-2023-202xx/CVE-2023-20204.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-20204",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-08-03T22:15:11.313",
"lastModified": "2023-08-04T02:45:53.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-08T19:03:28.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +54,68 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:broadworks_application_delivery_platform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "ri.2023.06",
"matchCriteriaId": "C635F977-BD12-4E0B-93D0-8B01164CC3F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:broadworks_application_server:*:*:*:*:-:*:*:*",
"versionEndExcluding": "23.0.2023.08",
"matchCriteriaId": "1B8174D7-B358-47CA-9A55-6807430B01F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:broadworks_application_server:*:*:*:*:release_independent:*:*:*",
"versionEndExcluding": "2023.06",
"matchCriteriaId": "5472E79F-9AC4-4887-A674-0CD28977DFFE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:broadworks_application_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "24.0",
"versionEndExcluding": "24.0.2023.08",
"matchCriteriaId": "0B6204F7-86DD-4FF0-BE30-E20BB5B4BE92"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:broadworks_xtended_services_platform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.0.2023.08",
"matchCriteriaId": "04BC9E97-649D-4064-898E-40B03DB0A670"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-commpilot-xss-jC46sezF",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-205xx/CVE-2023-20555.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-20555",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-08-08T18:15:11.173",
"lastModified": "2023-08-08T18:33:14.257",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insufficient input validation in\nCpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting\nan arbitrary bit in an attacker-controlled pointer potentially leading to\narbitrary code execution in SMM.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4003",
"source": "psirt@amd.com"
}
]
}

20
CVE-2023/CVE-2023-205xx/CVE-2023-20556.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-20556",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-08-08T18:15:11.340",
"lastModified": "2023-08-08T18:33:14.257",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\nInsufficient validation of the IOCTL (Input Output Control) input buffer in AMD ?Prof may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003",
"source": "psirt@amd.com"
}
]
}

20
CVE-2023/CVE-2023-205xx/CVE-2023-20561.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-20561",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-08-08T18:15:11.407",
"lastModified": "2023-08-08T18:33:14.257",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\nInsufficient validation of the IOCTL (Input Output Control) input buffer in AMD ?Prof may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003",
"source": "psirt@amd.com"
}
]
}

20
CVE-2023/CVE-2023-205xx/CVE-2023-20562.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-20562",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-08-08T18:15:11.467",
"lastModified": "2023-08-08T18:33:14.257",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nInsufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003",
"source": "psirt@amd.com"
}
]
}

24
CVE-2023/CVE-2023-205xx/CVE-2023-20569.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-20569",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-08-08T18:15:11.530",
"lastModified": "2023-08-08T19:15:09.757",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nA side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled?address, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "http://xenbits.xen.org/xsa/advisory-434.html",
"source": "psirt@amd.com"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005",
"source": "psirt@amd.com"
}
]
}

20
CVE-2023/CVE-2023-205xx/CVE-2023-20586.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-20586",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-08-08T18:15:11.593",
"lastModified": "2023-08-08T18:33:14.257",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nA potential vulnerability was reported in Radeon\u2122 Software Crimson ReLive Edition which may allow escalation of privilege. Radeon\u2122 Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any mitigations\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6007",
"source": "psirt@amd.com"
}
]
}

20
CVE-2023/CVE-2023-205xx/CVE-2023-20588.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-20588",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-08-08T18:15:11.653",
"lastModified": "2023-08-08T18:33:14.257",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nA division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.\u00a0\n\n\n\n\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007",
"source": "psirt@amd.com"
}
]
}

20
CVE-2023/CVE-2023-205xx/CVE-2023-20589.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-20589",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-08-08T18:15:11.717",
"lastModified": "2023-08-08T18:33:14.257",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAn attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.\u00a0\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005",
"source": "psirt@amd.com"
}
]
}

43
CVE-2023/CVE-2023-217xx/CVE-2023-21709.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-21709",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:11.780",
"lastModified": "2023-08-08T18:33:10.073",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21709",
"source": "secure@microsoft.com"
}
]
}

15
CVE-2023/CVE-2023-22xx/CVE-2023-2230.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2023-2230",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-08T18:15:12.053",
"lastModified": "2023-08-08T18:15:12.053",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "** REJECT ** Accidental Assignment"
}
],
"metrics": {},
"references": []
}

63
CVE-2023/CVE-2023-255xx/CVE-2023-25524.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25524",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-08-03T17:15:11.527",
"lastModified": "2023-08-04T02:46:03.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-08T19:58:23.307",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -46,10 +76,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:omniverse_launcher:*:*:*:*:*:linux:*:*",
"versionEndExcluding": "1.8.11",
"matchCriteriaId": "9E933DC3-BFB5-47F3-A647-D5DFCBAC90A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:omniverse_launcher:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "1.8.11",
"matchCriteriaId": "9561A084-D076-4399-953A-3A14DA2A54CB"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5472",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-264xx/CVE-2023-26439.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26439",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-08-02T13:15:10.403",
"lastModified": "2023-08-03T16:15:10.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-08T18:24:52.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security@open-xchange.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "security@open-xchange.com",
"type": "Secondary",
@ -46,22 +76,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite_office:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.11",
"matchCriteriaId": "AD01E9AA-CCA9-4BD5-A12F-9CC9C977EACE"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/173943/OX-App-Suite-SSRF-SQL-Injection-Cross-Site-Scripting.html",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Aug/8",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Release Notes"
]
}
]
}

74
CVE-2023/CVE-2023-264xx/CVE-2023-26440.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26440",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-08-02T13:15:10.483",
"lastModified": "2023-08-03T16:15:10.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-08T18:18:52.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security@open-xchange.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "security@open-xchange.com",
"type": "Secondary",
@ -46,22 +76,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite_office:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.11",
"matchCriteriaId": "AD01E9AA-CCA9-4BD5-A12F-9CC9C977EACE"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/173943/OX-App-Suite-SSRF-SQL-Injection-Cross-Site-Scripting.html",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Aug/8",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf",
"source": "security@open-xchange.com"
"source": "security@open-xchange.com",
"tags": [
"Release Notes"
]
}
]
}

43
CVE-2023/CVE-2023-293xx/CVE-2023-29328.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-29328",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:11.870",
"lastModified": "2023-08-08T18:33:10.073",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Teams Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29328",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-293xx/CVE-2023-29330.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-29330",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:11.960",
"lastModified": "2023-08-08T18:33:10.073",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Teams Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29330",
"source": "secure@microsoft.com"
}
]
}

81
CVE-2023/CVE-2023-301xx/CVE-2023-30146.json
View File

@ -2,23 +2,94 @@
"id": "CVE-2023-30146",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T01:15:09.310",
"lastModified": "2023-08-07T14:15:11.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-08T18:55:23.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Assmann Digitus Plug&View IP Camera HT-IP211HDP, version 2.000.022 allows unauthenticated attackers to download a copy of the camera's settings and the administrator credentials."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:assmann:ht-ip211hdp_firmware:2.000.022:*:*:*:*:*:*:*",
"matchCriteriaId": "03373B4E-C2DA-4E32-BABF-CE443119C573"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:assmann:ht-ip211hdp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4B4C1D5-8C75-4E75-AA21-AC0493DE3EF2"
}
]
}
]
}
],
"references": [
{
"url": "https://de.assmann.shop/de/Gebaeude-Technik/Sicherheitstechnik/Ueberwachungskameras/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/L1-0/CVE-2023-30146",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-309xx/CVE-2023-30952.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30952",
"sourceIdentifier": "cve-coordination@palantir.com",
"published": "2023-08-03T22:15:12.083",
"lastModified": "2023-08-04T02:45:53.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-08T19:03:14.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "cve-coordination@palantir.com",
"type": "Secondary",
@ -34,10 +54,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:palantir:foundry:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.228.0",
"matchCriteriaId": "0166302B-1546-4D26-BCC9-5F952805901D"
}
]
}
]
}
],
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=42bdb7fa-9a6d-4462-b89d-cabc62f281f4",
"source": "cve-coordination@palantir.com"
"source": "cve-coordination@palantir.com",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-309xx/CVE-2023-30958.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30958",
"sourceIdentifier": "cve-coordination@palantir.com",
"published": "2023-08-03T22:15:12.170",
"lastModified": "2023-08-04T02:45:53.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-08T19:02:55.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cve-coordination@palantir.com",
"type": "Secondary",
@ -34,10 +54,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:frontend:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.225.0",
"matchCriteriaId": "5A394572-A4EE-403D-B924-38DBE3F42E9B"
}
]
}
]
}
],
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=5764b094-d3c0-4380-90f2-234f36116c9b",
"source": "cve-coordination@palantir.com"
"source": "cve-coordination@palantir.com",
"tags": [
"Vendor Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-314xx/CVE-2023-31428.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31428",
"sourceIdentifier": "sirt@brocade.com",
"published": "2023-08-02T00:15:16.977",
"lastModified": "2023-08-02T13:30:34.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-08T18:39:31.150",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "sirt@brocade.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "sirt@brocade.com",
"type": "Secondary",
@ -46,10 +76,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:broadcom:brocade_fabric_operating_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.1.1c",
"matchCriteriaId": "04156705-D7B0-4819-9877-1896AE211A87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:broadcom:brocade_fabric_operating_system:9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "309D6E49-58B0-4360-9EB9-AAD393E9995F"
}
]
}
]
}
],
"references": [
{
"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22380",
"source": "sirt@brocade.com"
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-314xx/CVE-2023-31432.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31432",
"sourceIdentifier": "sirt@brocade.com",
"published": "2023-08-02T00:15:17.587",
"lastModified": "2023-08-02T13:30:34.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-08T18:37:58.353",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "sirt@brocade.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
},
{
"source": "sirt@brocade.com",
"type": "Secondary",
@ -46,10 +76,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:broadcom:brocade_fabric_operating_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.1.1c",
"matchCriteriaId": "04156705-D7B0-4819-9877-1896AE211A87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:broadcom:brocade_fabric_operating_system:9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "309D6E49-58B0-4360-9EB9-AAD393E9995F"
}
]
}
]
}
],
"references": [
{
"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22385",
"source": "sirt@brocade.com"
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
]
}
]
}

112
CVE-2023/CVE-2023-327xx/CVE-2023-32764.json
View File

@ -2,23 +2,125 @@
"id": "CVE-2023-32764",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T18:15:11.230",
"lastModified": "2023-08-04T02:46:03.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-08T18:20:53.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fabasoft:cloud:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A214AEF4-8348-4020-BCE5-5F37B171F3CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fabasoft:cloud_enterprise_client:23.3.0.130:*:*:*:*:*:*:*",
"matchCriteriaId": "52B146B7-3AE0-4604-9749-4A4D80EF4939"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fabasoft:folio_\\/_egov-suite:2021:update_rollup_3:*:*:*:*:*:*",
"matchCriteriaId": "FBBB8828-8A05-43E1-95E5-A60AF5E06CCD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fabasoft:folio_\\/_egov-suite:2022:-:*:*:*:*:*:*",
"matchCriteriaId": "71C50951-05B4-437A-905E-0FC0FA24F5A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fabasoft:folio_\\/_egov-suite:2022:update_rollup_3:*:*:*:*:*:*",
"matchCriteriaId": "BE50634E-0DF3-48D4-9DCE-95644E164F63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fabasoft:folio_\\/_egov-suite:2023:-:*:*:*:*:*:*",
"matchCriteriaId": "42D6E2F9-DCB1-4506-9DE9-69D7EEBC3E5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fabasoft:folio_\\/_egov-suite:2023:update_rollup_1:*:*:*:*:*:*",
"matchCriteriaId": "8F158182-A576-4009-AAEF-1CC15F9C237B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://help.supportservices.fabasoft.com/index.php?topic=doc/Vulnerabilities-Fabasoft-Folio/vulnerabilities-2023.htm#client-autoupdate-harmful-code-installation-vulnerability-pdo06614-",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2023_01_CSNC-2023-002_LPE_Cloud_Client.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-333xx/CVE-2023-33363.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-33363",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T16:15:11.713",
"lastModified": "2023-08-03T16:56:53.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-08T19:49:16.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated users to access some functionality on BioStar 2 servers."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:supremainc:biostar_2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.9.1",
"matchCriteriaId": "EB816219-172E-445F-9175-938D9B8A4602"
}
]
}
]
}
],
"references": [
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33363",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://kb.supremainc.com/knowledge/doku.php?id=en:release_note_291",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-333xx/CVE-2023-33372.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-33372",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T18:15:11.883",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-08T19:54:55.223",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacker who gained access to these credentials is able to connect to the MQTT broker and send messages on behalf of devices, impersonating them. in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:connectedio:connected_io:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.1.0",
"matchCriteriaId": "AF690623-7129-4811-9897-90ECE1F8DFDA"
}
]
}
]
}
],
"references": [
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33372",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.connectedio.com/products/routers",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

69
CVE-2023/CVE-2023-333xx/CVE-2023-33373.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-33373",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T18:15:12.050",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-08T19:53:07.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Connected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing attackers to exfiltrate the credentials and use them to impersonate the devices."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:connectedio:connected_io:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.1.0",
"matchCriteriaId": "AF690623-7129-4811-9897-90ECE1F8DFDA"
}
]
}
]
}
],
"references": [
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33373",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.connectedio.com/products/routers",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

69
CVE-2023/CVE-2023-333xx/CVE-2023-33374.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-33374",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T18:15:12.183",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-08T19:53:38.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to execute, resulting in arbitrary remote command execution."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:connectedio:connected_io:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.1.0",
"matchCriteriaId": "AF690623-7129-4811-9897-90ECE1F8DFDA"
}
]
}
]
}
],
"references": [
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33374",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.connectedio.com/products/routers",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

69
CVE-2023/CVE-2023-333xx/CVE-2023-33375.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-33375",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T18:15:12.343",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-08T19:52:05.723",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Connected IO v2.1.0 and prior has a stack-based buffer overflow vulnerability in its communication protocol, enabling attackers to take control over devices."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:connectedio:connected_io:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.1.0",
"matchCriteriaId": "AF690623-7129-4811-9897-90ECE1F8DFDA"
}
]
}
]
}
],
"references": [
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33375",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.connectedio.com/products/routers",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

69
CVE-2023/CVE-2023-333xx/CVE-2023-33376.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-33376",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T18:15:12.503",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-08T19:51:32.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Connected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-88"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:connectedio:connected_io:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.1.0",
"matchCriteriaId": "AF690623-7129-4811-9897-90ECE1F8DFDA"
}
]
}
]
}
],
"references": [
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33376",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.connectedio.com/products/routers",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

69
CVE-2023/CVE-2023-333xx/CVE-2023-33377.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-33377",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T18:15:12.647",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-08T19:49:32.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Connected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers to execute arbitrary OS commands on devices."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:connectedio:connected_io:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.1.0",
"matchCriteriaId": "AF690623-7129-4811-9897-90ECE1F8DFDA"
}
]
}
]
}
],
"references": [
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33377",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.connectedio.com/products/routers",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

69
CVE-2023/CVE-2023-333xx/CVE-2023-33378.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-33378",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T18:15:12.783",
"lastModified": "2023-08-04T18:53:22.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-08T19:50:32.190",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-88"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:connectedio:connected_io:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.1.0",
"matchCriteriaId": "AF690623-7129-4811-9897-90ECE1F8DFDA"
}
]
}
]
}
],
"references": [
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33378",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.connectedio.com/products/routers",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

70
CVE-2023/CVE-2023-336xx/CVE-2023-33665.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-33665",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T00:15:11.713",
"lastModified": "2023-08-04T02:45:45.693",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-08T19:26:59.550",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ai-dev:ai-table:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "0.2.2",
"matchCriteriaId": "3A8EDB0F-D4FC-4A4A-B87D-913B4D544669"
}
]
}
]
}
],
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/08/01/aitable.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://www.boutique.ai-dev.fr/en/ergonomie/56-table-attributes.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

43
CVE-2023/CVE-2023-353xx/CVE-2023-35359.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35359",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:12.123",
"lastModified": "2023-08-08T18:33:10.073",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35359",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-353xx/CVE-2023-35368.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35368",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:12.213",
"lastModified": "2023-08-08T18:33:10.073",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Exchange Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35368",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-353xx/CVE-2023-35371.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35371",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:12.287",
"lastModified": "2023-08-08T18:33:10.073",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35371",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-353xx/CVE-2023-35372.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35372",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:12.380",
"lastModified": "2023-08-08T18:33:10.073",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Visio Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35372",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-353xx/CVE-2023-35376.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35376",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:12.467",
"lastModified": "2023-08-08T18:33:10.073",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Message Queuing Denial of Service Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35376",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-353xx/CVE-2023-35377.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35377",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:12.567",
"lastModified": "2023-08-08T18:33:10.073",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Message Queuing Denial of Service Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35377",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-353xx/CVE-2023-35378.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35378",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:12.660",
"lastModified": "2023-08-08T18:33:10.073",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Projected File System Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35378",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-353xx/CVE-2023-35379.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35379",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:12.747",
"lastModified": "2023-08-08T18:33:10.073",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35379",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-353xx/CVE-2023-35380.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35380",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:12.843",
"lastModified": "2023-08-08T18:33:10.073",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35380",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-353xx/CVE-2023-35381.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35381",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:12.930",
"lastModified": "2023-08-08T18:33:10.073",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Fax Service Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35381",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-353xx/CVE-2023-35382.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35382",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:13.010",
"lastModified": "2023-08-08T18:33:10.073",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35382",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-353xx/CVE-2023-35383.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35383",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:13.093",
"lastModified": "2023-08-08T18:33:10.073",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Message Queuing Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35383",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-353xx/CVE-2023-35384.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35384",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:13.177",
"lastModified": "2023-08-08T18:33:10.073",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows HTML Platforms Security Feature Bypass Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35384",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-353xx/CVE-2023-35385.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35385",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:13.263",
"lastModified": "2023-08-08T18:33:10.073",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Message Queuing Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35385",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-353xx/CVE-2023-35386.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35386",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:13.343",
"lastModified": "2023-08-08T18:33:10.073",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35386",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-353xx/CVE-2023-35387.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35387",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:13.420",
"lastModified": "2023-08-08T18:33:10.073",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35387",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-353xx/CVE-2023-35388.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35388",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:13.507",
"lastModified": "2023-08-08T18:33:10.073",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35388",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-353xx/CVE-2023-35389.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35389",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:13.580",
"lastModified": "2023-08-08T18:33:04.943",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35389",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-353xx/CVE-2023-35390.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35390",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:13.667",
"lastModified": "2023-08-08T18:33:04.943",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35390",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-353xx/CVE-2023-35391.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35391",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T19:15:09.940",
"lastModified": "2023-08-08T19:15:09.940",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35391",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-353xx/CVE-2023-35393.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35393",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:13.750",
"lastModified": "2023-08-08T18:33:04.943",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Azure Apache Hive Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35393",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-353xx/CVE-2023-35394.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35394",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:13.840",
"lastModified": "2023-08-08T18:33:04.943",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Azure HDInsight Jupyter Notebook Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35394",
"source": "secure@microsoft.com"
}
]
}

69
CVE-2023/CVE-2023-361xx/CVE-2023-36134.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-36134",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T00:15:12.397",
"lastModified": "2023-08-04T02:45:45.693",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-08T19:01:33.350",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:class_scheduling_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5244975-A016-4935-B0F3-A1E91773F880"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.phpjabbers.com/class-scheduling-system",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

68
CVE-2023/CVE-2023-361xx/CVE-2023-36135.json
View File

@ -2,23 +2,81 @@
"id": "CVE-2023-36135",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T00:15:12.503",
"lastModified": "2023-08-04T02:45:45.693",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-08T19:01:10.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "User enumeration is found in in PHPJabbers Class Scheduling System v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:class_scheduling_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5244975-A016-4935-B0F3-A1E91773F880"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.phpjabbers.com/class-scheduling-system",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

68
CVE-2023/CVE-2023-361xx/CVE-2023-36137.json
View File

@ -2,23 +2,81 @@
"id": "CVE-2023-36137",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T00:15:12.773",
"lastModified": "2023-08-04T02:45:45.693",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-08T19:00:54.450",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "There is a Cross Site Scripting (XSS) vulnerability in the \"theme\" parameter of preview.php in PHPJabbers Class Scheduling System 1.0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:class_scheduling_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5244975-A016-4935-B0F3-A1E91773F880"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.phpjabbers.com/class-scheduling-system",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

80
CVE-2023/CVE-2023-361xx/CVE-2023-36158.json
View File

@ -2,31 +2,97 @@
"id": "CVE-2023-36158",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T00:15:13.447",
"lastModified": "2023-08-04T02:45:45.693",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-08T19:00:34.660",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:toll_tax_management_system_project:toll_tax_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B086840-9699-4F09-B9AE-CE881B545C43"
}
]
}
]
}
],
"references": [
{
"url": "http://toll.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://cyberredteam.tech/posts/cve-2023-36158/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/unknown00759/CVE-2023-36158/blob/main/CVE-2023-36158.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.sourcecodester.com/php/15304/toll-tax-management-system-phpoop-free-source-code.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

68
CVE-2023/CVE-2023-361xx/CVE-2023-36159.json
View File

@ -2,23 +2,81 @@
"id": "CVE-2023-36159",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T00:15:13.587",
"lastModified": "2023-08-04T02:45:45.693",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-08T19:00:17.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B84257-5F4C-48D4-8097-A6FA541667BE"
}
]
}
]
}
],
"references": [
{
"url": "http://lost.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

70
CVE-2023/CVE-2023-362xx/CVE-2023-36217.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-36217",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T18:15:11.397",
"lastModified": "2023-08-04T02:46:03.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-08T18:27:49.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xoops:xoops:2.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0C58EABF-44CF-4C84-9DC5-49F69872AC4C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/XOOPS/XoopsCore25/releases/tag/v2.5.10",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.exploit-db.com/exploits/51520",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

55
CVE-2023/CVE-2023-365xx/CVE-2023-36532.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-36532",
"sourceIdentifier": "security@zoom.us",
"published": "2023-08-08T18:15:13.937",
"lastModified": "2023-08-08T18:33:04.943",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
}
]
}

55
CVE-2023/CVE-2023-365xx/CVE-2023-36533.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-36533",
"sourceIdentifier": "security@zoom.us",
"published": "2023-08-08T18:15:14.037",
"lastModified": "2023-08-08T18:33:04.943",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
}
]
}

55
CVE-2023/CVE-2023-365xx/CVE-2023-36534.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-36534",
"sourceIdentifier": "security@zoom.us",
"published": "2023-08-08T18:15:14.127",
"lastModified": "2023-08-08T18:33:04.943",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
}
]
}

55
CVE-2023/CVE-2023-365xx/CVE-2023-36535.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-36535",
"sourceIdentifier": "security@zoom.us",
"published": "2023-08-08T18:15:14.207",
"lastModified": "2023-08-08T18:33:04.943",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-602"
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
}
]
}

55
CVE-2023/CVE-2023-365xx/CVE-2023-36540.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-36540",
"sourceIdentifier": "security@zoom.us",
"published": "2023-08-08T18:15:14.293",
"lastModified": "2023-08-08T18:33:04.943",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-426"
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
}
]
}

55
CVE-2023/CVE-2023-365xx/CVE-2023-36541.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-36541",
"sourceIdentifier": "security@zoom.us",
"published": "2023-08-08T18:15:14.397",
"lastModified": "2023-08-08T18:33:04.943",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via network access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
}
]
}

43
CVE-2023/CVE-2023-368xx/CVE-2023-36865.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36865",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:14.473",
"lastModified": "2023-08-08T18:33:04.943",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Visio Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36865",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-368xx/CVE-2023-36866.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36866",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:14.543",
"lastModified": "2023-08-08T18:33:04.943",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Visio Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36866",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-368xx/CVE-2023-36869.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36869",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:14.613",
"lastModified": "2023-08-08T18:33:04.943",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Azure DevOps Server Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36869",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-368xx/CVE-2023-36873.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36873",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T19:15:10.057",
"lastModified": "2023-08-08T19:15:10.057",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": ".NET Framework Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36873",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-368xx/CVE-2023-36876.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36876",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:14.700",
"lastModified": "2023-08-08T18:33:04.943",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36876",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-368xx/CVE-2023-36877.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36877",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:14.790",
"lastModified": "2023-08-08T18:33:04.943",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Azure Apache Oozie Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36877",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-368xx/CVE-2023-36881.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36881",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:14.877",
"lastModified": "2023-08-08T18:33:04.943",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Azure Apache Ambari\u00a0Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36881",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-368xx/CVE-2023-36882.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36882",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:14.963",
"lastModified": "2023-08-08T18:33:04.943",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36882",
"source": "secure@microsoft.com"
}
]
}

21
CVE-2023/CVE-2023-368xx/CVE-2023-36884.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-36884",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-07-11T19:15:09.623",
"lastModified": "2023-08-01T02:15:10.363",
"lastModified": "2023-08-08T19:15:10.140",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-07-17",
"cisaActionDue": "2023-08-07",
@ -11,7 +11,7 @@
"descriptions": [
{
"lang": "en",
"value": "Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents.\n\nAn attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, an attacker would have to convince the victim to open the malicious file.\n\nUpon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This might include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.\n\nPlease see the Microsoft Threat Intelligence Blog Entry https://aka.ms/Storm-0978 for important information about steps you can take to protect your system from this vulnerability.\n\nThis CVE will be updated with new information and links to security updates when they become available. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this CVE. See Microsoft Technical Security Notifications https://www.microsoft.com/en-us/msrc/technical-security-notifications .\n\n"
"value": "Windows Search Remote Code Execution Vulnerability"
}
],
"metrics": {
@ -21,20 +21,20 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
@ -233,6 +233,15 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/43",
"source": "secure@microsoft.com",
"tags": [
"Broken Link",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884",
"source": "secure@microsoft.com",

43
CVE-2023/CVE-2023-368xx/CVE-2023-36889.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36889",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:15.173",
"lastModified": "2023-08-08T18:33:04.943",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Group Policy Security Feature Bypass Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36889",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-368xx/CVE-2023-36890.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36890",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:15.260",
"lastModified": "2023-08-08T18:33:04.943",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft SharePoint Server Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36890",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-368xx/CVE-2023-36891.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36891",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:15.367",
"lastModified": "2023-08-08T18:33:04.943",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft SharePoint Server Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36891",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-368xx/CVE-2023-36892.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36892",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:15.457",
"lastModified": "2023-08-08T18:33:00.500",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft SharePoint Server Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36892",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-368xx/CVE-2023-36893.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36893",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:15.543",
"lastModified": "2023-08-08T18:33:00.500",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36893",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-368xx/CVE-2023-36894.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36894",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:15.633",
"lastModified": "2023-08-08T18:33:00.500",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft SharePoint Server Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36894",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-368xx/CVE-2023-36895.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36895",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:15.727",
"lastModified": "2023-08-08T18:33:00.500",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36895",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-368xx/CVE-2023-36896.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36896",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:15.817",
"lastModified": "2023-08-08T18:33:00.500",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36896",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-368xx/CVE-2023-36897.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36897",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:15.913",
"lastModified": "2023-08-08T18:33:00.500",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Visual Studio Tools for Office Runtime Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-368xx/CVE-2023-36898.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36898",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:16.007",
"lastModified": "2023-08-08T18:33:00.500",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tablet Windows User Interface Application Core Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36898",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-368xx/CVE-2023-36899.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36899",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T19:15:10.277",
"lastModified": "2023-08-08T19:15:10.277",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ASP.NET Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36899",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-369xx/CVE-2023-36900.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36900",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:16.093",
"lastModified": "2023-08-08T18:33:00.500",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Common Log File System Driver Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36900",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-369xx/CVE-2023-36903.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36903",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:16.197",
"lastModified": "2023-08-08T18:33:00.500",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows System Assessment Tool Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36903",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-369xx/CVE-2023-36904.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36904",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:16.307",
"lastModified": "2023-08-08T18:33:00.500",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36904",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-369xx/CVE-2023-36905.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36905",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:16.407",
"lastModified": "2023-08-08T18:33:00.500",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36905",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-369xx/CVE-2023-36906.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36906",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:16.497",
"lastModified": "2023-08-08T18:33:00.500",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Cryptographic Services Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36906",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-369xx/CVE-2023-36907.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36907",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:16.597",
"lastModified": "2023-08-08T18:33:00.500",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Cryptographic Services Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36907",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-369xx/CVE-2023-36908.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36908",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:16.690",
"lastModified": "2023-08-08T18:33:00.500",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Hyper-V Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36908",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-369xx/CVE-2023-36909.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36909",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:16.817",
"lastModified": "2023-08-08T18:33:00.500",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Message Queuing Denial of Service Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36909",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-369xx/CVE-2023-36910.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36910",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:16.943",
"lastModified": "2023-08-08T18:33:00.500",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Message Queuing Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36910",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-369xx/CVE-2023-36911.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36911",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:17.867",
"lastModified": "2023-08-08T18:33:00.500",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Message Queuing Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36911",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-369xx/CVE-2023-36912.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36912",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:19.440",
"lastModified": "2023-08-08T18:33:00.500",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Message Queuing Denial of Service Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36912",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-369xx/CVE-2023-36913.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36913",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:20.117",
"lastModified": "2023-08-08T18:33:00.500",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Message Queuing Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36913",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-369xx/CVE-2023-36914.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36914",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:21.890",
"lastModified": "2023-08-08T18:33:00.500",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36914",
"source": "secure@microsoft.com"
}
]
}

Some files were not shown because too many files have changed in this diff Show More