Skip to content

Commit

Permalink
automatic update
Browse files Browse the repository at this point in the history
  • Loading branch information
@righel @github-actions
righel authored and github-actions[bot] committed Oct 28, 2024
1 parent cb54b0e commit edc3ea3
Showing 1 changed file with 33 additions and 146 deletions.
179 changes: 33 additions & 146 deletions ms-exchange-versions-cves-dict.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5997,6 +5997,14 @@
"15.1.1531.10": {
"cpe": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*",
"cves": [
{
"cvss": 10.0,
"cvss-time": "2020-08-24T17:37:00",
"cwe": "CWE-787",
"id": "CVE-2019-0586",
"last-modified": "2020-08-24T17:37:00",
"summary": "A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka \"Microsoft Exchange Memory Corruption Vulnerability.\" This affects Microsoft Exchange Server."
},
{
"cvss": 7.5,
"cvss-time": "2024-02-15T20:18:00",
Expand Down Expand Up @@ -6028,6 +6036,14 @@
"id": "CVE-2021-27065",
"last-modified": "2024-07-25T17:34:00",
"summary": "Microsoft Exchange Server Remote Code Execution Vulnerability"
},
{
"cvss": 4.0,
"cvss-time": "2020-08-24T17:37:00",
"cwe": "CWE-732",
"id": "CVE-2019-0588",
"last-modified": "2020-08-24T17:37:00",
"summary": "An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka \"Microsoft Exchange Information Disclosure Vulnerability.\" This affects Microsoft Exchange Server."
}
]
},
Expand Down Expand Up @@ -6407,6 +6423,14 @@
"15.1.1591.13": {
"cpe": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*",
"cves": [
{
"cvss": 10.0,
"cvss-time": "2020-08-24T17:37:00",
"cwe": "CWE-787",
"id": "CVE-2019-0586",
"last-modified": "2020-08-24T17:37:00",
"summary": "A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka \"Microsoft Exchange Memory Corruption Vulnerability.\" This affects Microsoft Exchange Server."
},
{
"cvss": 7.5,
"cvss-time": "2024-02-15T20:18:00",
Expand Down Expand Up @@ -6454,6 +6478,14 @@
"id": "CVE-2019-0858",
"last-modified": "2020-08-24T17:37:00",
"summary": "A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0817."
},
{
"cvss": 4.0,
"cvss-time": "2020-08-24T17:37:00",
"cwe": "CWE-732",
"id": "CVE-2019-0588",
"last-modified": "2020-08-24T17:37:00",
"summary": "An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka \"Microsoft Exchange Information Disclosure Vulnerability.\" This affects Microsoft Exchange Server."
}
]
},
Expand Down Expand Up @@ -7144,14 +7176,6 @@
"15.1.2044.12": {
"cpe": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*",
"cves": [
{
"cvss": 9.0,
"cvss-time": "2023-12-30T00:15:00",
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2020-17117",
"last-modified": "2023-12-30T00:15:00",
"summary": "Microsoft Exchange Remote Code Execution Vulnerability"
},
{
"cvss": 7.5,
"cvss-time": "2024-02-15T20:18:00",
Expand Down Expand Up @@ -7183,38 +7207,6 @@
"id": "CVE-2021-27065",
"last-modified": "2024-07-25T17:34:00",
"summary": "Microsoft Exchange Server Remote Code Execution Vulnerability"
},
{
"cvss": 6.5,
"cvss-time": "2023-12-30T00:15:00",
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2020-17132",
"last-modified": "2023-12-30T00:15:00",
"summary": "Microsoft Exchange Remote Code Execution Vulnerability"
},
{
"cvss": 6.5,
"cvss-time": "2023-12-30T00:15:00",
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2020-17142",
"last-modified": "2023-12-30T00:15:00",
"summary": "Microsoft Exchange Remote Code Execution Vulnerability"
},
{
"cvss": 6.5,
"cvss-time": "2023-12-30T00:15:00",
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2020-17143",
"last-modified": "2023-12-30T00:15:00",
"summary": "Microsoft Exchange Server Information Disclosure Vulnerability"
},
{
"cvss": 6.0,
"cvss-time": "2023-12-30T00:15:00",
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2020-17141",
"last-modified": "2023-12-30T00:15:00",
"summary": "Microsoft Exchange Remote Code Execution Vulnerability"
}
]
},
Expand Down Expand Up @@ -7931,14 +7923,6 @@
"last-modified": "2023-12-30T00:15:00",
"summary": "Microsoft Exchange Remote Code Execution Vulnerability"
},
{
"cvss": 9.0,
"cvss-time": "2023-12-31T19:15:00",
"cwe": "CWE-120",
"id": "CVE-2020-17084",
"last-modified": "2023-12-31T19:15:00",
"summary": "Microsoft Exchange Server Remote Code Execution Vulnerability"
},
{
"cvss": 7.5,
"cvss-time": "2024-02-15T20:18:00",
Expand Down Expand Up @@ -8042,36 +8026,12 @@
"id": "CVE-2021-1730",
"last-modified": "2023-12-29T17:15:00",
"summary": "<p>A spoofing vulnerability exists in Microsoft Exchange Server which could result in an attack that would allow a malicious actor to impersonate the user.</p>\n<p>This update addresses this vulnerability.</p>\n<p>To prevent these types of attacks, Microsoft recommends customers to download inline images from different DNSdomains than the rest of OWA. Please see further instructions in the FAQ to put in place this mitigations.</p>\n"
},
{
"cvss": 4.0,
"cvss-time": "2023-12-31T19:15:00",
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2020-17085",
"last-modified": "2023-12-31T19:15:00",
"summary": "Microsoft Exchange Server Denial of Service Vulnerability"
},
{
"cvss": 3.5,
"cvss-time": "2023-12-31T19:15:00",
"cwe": "CWE-79",
"id": "CVE-2020-17083",
"last-modified": "2023-12-31T19:15:00",
"summary": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
]
},
"15.1.2106.6": {
"cpe": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*",
"cves": [
{
"cvss": 9.0,
"cvss-time": "2023-12-30T00:15:00",
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2020-17117",
"last-modified": "2023-12-30T00:15:00",
"summary": "Microsoft Exchange Remote Code Execution Vulnerability"
},
{
"cvss": 7.5,
"cvss-time": "2024-02-15T20:18:00",
Expand Down Expand Up @@ -8128,30 +8088,6 @@
"last-modified": "2023-12-29T17:16:00",
"summary": "Microsoft Exchange Server Remote Code Execution Vulnerability"
},
{
"cvss": 6.5,
"cvss-time": "2023-12-30T00:15:00",
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2020-17132",
"last-modified": "2023-12-30T00:15:00",
"summary": "Microsoft Exchange Remote Code Execution Vulnerability"
},
{
"cvss": 6.5,
"cvss-time": "2023-12-30T00:15:00",
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2020-17142",
"last-modified": "2023-12-30T00:15:00",
"summary": "Microsoft Exchange Remote Code Execution Vulnerability"
},
{
"cvss": 6.5,
"cvss-time": "2023-12-30T00:15:00",
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2020-17143",
"last-modified": "2023-12-30T00:15:00",
"summary": "Microsoft Exchange Server Information Disclosure Vulnerability"
},
{
"cvss": 6.0,
"cvss-time": "2023-12-29T17:15:00",
Expand All @@ -8160,14 +8096,6 @@
"last-modified": "2023-12-29T17:15:00",
"summary": "Microsoft Exchange Server Spoofing Vulnerability"
},
{
"cvss": 6.0,
"cvss-time": "2023-12-30T00:15:00",
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2020-17141",
"last-modified": "2023-12-30T00:15:00",
"summary": "Microsoft Exchange Remote Code Execution Vulnerability"
},
{
"cvss": 5.8,
"cvss-time": "2023-12-29T17:15:00",
Expand Down Expand Up @@ -8237,14 +8165,6 @@
"last-modified": "2023-12-29T17:16:00",
"summary": "Microsoft Exchange Server Remote Code Execution Vulnerability"
},
{
"cvss": 6.0,
"cvss-time": "2023-12-29T17:15:00",
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2021-24085",
"last-modified": "2023-12-29T17:15:00",
"summary": "Microsoft Exchange Server Spoofing Vulnerability"
},
{
"cvss": 5.8,
"cvss-time": "2023-12-29T17:15:00",
Expand Down Expand Up @@ -8584,14 +8504,6 @@
"last-modified": "2024-07-26T19:25:00",
"summary": "Microsoft Exchange Server Security Feature Bypass Vulnerability"
},
{
"cvss": 6.0,
"cvss-time": "2023-12-29T17:15:00",
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2021-24085",
"last-modified": "2023-12-29T17:15:00",
"summary": "Microsoft Exchange Server Spoofing Vulnerability"
},
{
"cvss": 5.8,
"cvss-time": "2023-08-02T00:15:00",
Expand Down Expand Up @@ -12592,32 +12504,7 @@
},
"15.1.845.36": {
"cpe": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_5:*:*:*:*:*:*",
"cves": [
{
"cvss": 5.8,
"cvss-time": "2017-07-17T18:48:00",
"cwe": "CWE-601",
"id": "CVE-2017-8621",
"last-modified": "2017-07-17T18:48:00",
"summary": "Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka \"Microsoft Exchange Open Redirect Vulnerability\"."
},
{
"cvss": 4.3,
"cvss-time": "2017-07-14T13:21:00",
"cwe": "CWE-79",
"id": "CVE-2017-8560",
"last-modified": "2017-07-14T13:21:00",
"summary": "Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka \"Microsoft Exchange Cross-Site Scripting Vulnerability\". This CVE ID is unique from CVE-2017-8559."
},
{
"cvss": 4.3,
"cvss-time": "2017-07-14T13:25:00",
"cwe": "CWE-79",
"id": "CVE-2017-8559",
"last-modified": "2017-07-14T13:25:00",
"summary": "Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka \"Microsoft Exchange Cross-Site Scripting Vulnerability\". This CVE ID is unique from CVE-2017-8560."
}
]
"cves": []
},
"15.2.1118.12": {
"cpe": "cpe:/a:microsoft:exchange_server:2019:cumulative_update_12:*:*:*:*:*:*",
Expand Down

0 comments on commit edc3ea3

Please sign in to comment.