Skip to content

Commit

Permalink
automatic update
Browse files Browse the repository at this point in the history
  • Loading branch information
@righel @github-actions
righel authored and github-actions[bot] committed Nov 6, 2024
1 parent 41a88cf commit ef56ee2
Showing 1 changed file with 64 additions and 128 deletions.
192 changes: 64 additions & 128 deletions ms-exchange-versions-cves-dict.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -890,14 +890,6 @@
"last-modified": "2023-12-29T01:15:00",
"summary": "Microsoft Exchange Server Remote Code Execution Vulnerability"
},
{
"cvss": 9.0,
"cvss-time": "2023-12-30T00:15:00",
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2020-17117",
"last-modified": "2023-12-30T00:15:00",
"summary": "Microsoft Exchange Remote Code Execution Vulnerability"
},
{
"cvss": 8.3,
"cvss-time": "2023-12-21T01:15:00",
Expand Down Expand Up @@ -1018,30 +1010,6 @@
"last-modified": "2023-12-29T17:16:00",
"summary": "Microsoft Exchange Server Remote Code Execution Vulnerability"
},
{
"cvss": 6.5,
"cvss-time": "2023-12-30T00:15:00",
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2020-17132",
"last-modified": "2023-12-30T00:15:00",
"summary": "Microsoft Exchange Remote Code Execution Vulnerability"
},
{
"cvss": 6.5,
"cvss-time": "2023-12-30T00:15:00",
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2020-17142",
"last-modified": "2023-12-30T00:15:00",
"summary": "Microsoft Exchange Remote Code Execution Vulnerability"
},
{
"cvss": 6.5,
"cvss-time": "2023-12-30T00:15:00",
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2020-17143",
"last-modified": "2023-12-30T00:15:00",
"summary": "Microsoft Exchange Server Information Disclosure Vulnerability"
},
{
"cvss": 6.5,
"cvss-time": "2024-07-26T19:25:00",
Expand Down Expand Up @@ -1508,14 +1476,6 @@
"15.0.1497.15": {
"cpe": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*",
"cves": [
{
"cvss": 10.0,
"cvss-time": "2024-07-26T19:26:00",
"cwe": "CWE-918",
"id": "CVE-2021-34473",
"last-modified": "2024-07-26T19:26:00",
"summary": "Microsoft Exchange Server Remote Code Execution Vulnerability"
},
{
"cvss": 8.3,
"cvss-time": "2023-12-21T01:15:00",
Expand Down Expand Up @@ -1548,14 +1508,6 @@
"last-modified": "2023-12-21T01:15:00",
"summary": "Microsoft Exchange Server Remote Code Execution Vulnerability"
},
{
"cvss": 7.5,
"cvss-time": "2024-02-13T17:20:00",
"cwe": "CWE-287",
"id": "CVE-2021-34523",
"last-modified": "2024-02-13T17:20:00",
"summary": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
},
{
"cvss": 7.2,
"cvss-time": "2023-12-21T00:15:00",
Expand Down Expand Up @@ -1628,14 +1580,6 @@
"last-modified": "2023-12-28T23:15:00",
"summary": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
},
{
"cvss": 5.0,
"cvss-time": "2024-07-24T16:45:00",
"cwe": "CWE-287",
"id": "CVE-2021-33766",
"last-modified": "2024-07-24T16:45:00",
"summary": "Microsoft Exchange Server Information Disclosure Vulnerability"
},
{
"cvss": 4.3,
"cvss-time": "2023-12-28T16:15:00",
Expand Down Expand Up @@ -1761,14 +1705,6 @@
"15.0.1497.18": {
"cpe": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*",
"cves": [
{
"cvss": 10.0,
"cvss-time": "2024-07-26T19:26:00",
"cwe": "CWE-918",
"id": "CVE-2021-34473",
"last-modified": "2024-07-26T19:26:00",
"summary": "Microsoft Exchange Server Remote Code Execution Vulnerability"
},
{
"cvss": 8.3,
"cvss-time": "2023-12-21T01:15:00",
Expand Down Expand Up @@ -1801,14 +1737,6 @@
"last-modified": "2023-12-21T01:15:00",
"summary": "Microsoft Exchange Server Remote Code Execution Vulnerability"
},
{
"cvss": 7.5,
"cvss-time": "2024-02-13T17:20:00",
"cwe": "CWE-287",
"id": "CVE-2021-34523",
"last-modified": "2024-02-13T17:20:00",
"summary": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
},
{
"cvss": 7.2,
"cvss-time": "2023-12-21T00:15:00",
Expand Down Expand Up @@ -1849,14 +1777,6 @@
"last-modified": "2023-12-28T23:15:00",
"summary": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
},
{
"cvss": 5.0,
"cvss-time": "2024-07-24T16:45:00",
"cwe": "CWE-287",
"id": "CVE-2021-33766",
"last-modified": "2024-07-24T16:45:00",
"summary": "Microsoft Exchange Server Information Disclosure Vulnerability"
},
{
"cvss": 4.3,
"cvss-time": "2023-12-28T16:15:00",
Expand Down Expand Up @@ -4335,14 +4255,6 @@
"last-modified": "2024-07-26T19:26:00",
"summary": "Microsoft Exchange Server Remote Code Execution Vulnerability"
},
{
"cvss": 9.0,
"cvss-time": "2024-02-13T17:23:00",
"cwe": "CWE-287",
"id": "CVE-2020-0688",
"last-modified": "2024-02-13T17:23:00",
"summary": "A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'."
},
{
"cvss": 9.0,
"cvss-time": "2023-12-29T01:15:00",
Expand Down Expand Up @@ -4431,14 +4343,6 @@
"last-modified": "2023-12-21T00:15:00",
"summary": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
},
{
"cvss": 6.8,
"cvss-time": "2021-07-21T11:39:00",
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2020-0692",
"last-modified": "2021-07-21T11:39:00",
"summary": "An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'."
},
{
"cvss": 6.8,
"cvss-time": "2024-07-25T17:53:00",
Expand Down Expand Up @@ -4972,14 +4876,6 @@
"last-modified": "2024-07-24T16:45:00",
"summary": "Microsoft Exchange Server Information Disclosure Vulnerability"
},
{
"cvss": 4.3,
"cvss-time": "2023-12-31T20:15:00",
"cwe": "NVD-CWE-Other",
"id": "CVE-2020-16969",
"last-modified": "2023-12-31T20:15:00",
"summary": "<p>An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user.</p>\n<p>To exploit the vulnerability, an attacker could include specially crafted OWA messages that could be loaded, without warning or filtering, from the attacker-controlled URL. This callback vector provides an information disclosure tactic used in web beacons and other types of tracking systems.</p>\n<p>The security update corrects the way that Exchange handles these token validations.</p>\n"
},
{
"cvss": 4.3,
"cvss-time": "2023-12-28T16:15:00",
Expand Down Expand Up @@ -5161,14 +5057,6 @@
"last-modified": "2023-12-30T00:15:00",
"summary": "Microsoft Exchange Remote Code Execution Vulnerability"
},
{
"cvss": 9.0,
"cvss-time": "2023-12-31T19:15:00",
"cwe": "CWE-120",
"id": "CVE-2020-17084",
"last-modified": "2023-12-31T19:15:00",
"summary": "Microsoft Exchange Server Remote Code Execution Vulnerability"
},
{
"cvss": 8.3,
"cvss-time": "2023-12-21T01:15:00",
Expand Down Expand Up @@ -5385,22 +5273,6 @@
"last-modified": "2023-12-28T16:15:00",
"summary": "Microsoft Exchange Server Spoofing Vulnerability"
},
{
"cvss": 4.0,
"cvss-time": "2023-12-31T19:15:00",
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2020-17085",
"last-modified": "2023-12-31T19:15:00",
"summary": "Microsoft Exchange Server Denial of Service Vulnerability"
},
{
"cvss": 3.5,
"cvss-time": "2023-12-31T19:15:00",
"cwe": "CWE-79",
"id": "CVE-2020-17083",
"last-modified": "2023-12-31T19:15:00",
"summary": "Microsoft Exchange Server Remote Code Execution Vulnerability"
},
{
"cvss": 6.5,
"cvss-time": null,
Expand Down Expand Up @@ -14504,6 +14376,38 @@
"15.2.1118.37": {
"cpe": "cpe:/a:microsoft:exchange_server:2019:cumulative_update_12:*:*:*:*:*:*",
"cves": [
{
"cvss": 8.0,
"cvss-time": null,
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2023-36744",
"last-modified": "2023-09-15T16:30:00",
"summary": "Microsoft Exchange Server Remote Code Execution Vulnerability"
},
{
"cvss": 8.0,
"cvss-time": null,
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2023-36756",
"last-modified": "2023-09-15T14:15:00",
"summary": "Microsoft Exchange Server Remote Code Execution Vulnerability"
},
{
"cvss": 8.0,
"cvss-time": null,
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2023-36745",
"last-modified": "2023-09-15T16:28:00",
"summary": "Microsoft Exchange Server Remote Code Execution Vulnerability"
},
{
"cvss": 8.0,
"cvss-time": null,
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2023-36757",
"last-modified": "2023-09-14T22:37:00",
"summary": "Microsoft Exchange Server Spoofing Vulnerability"
},
{
"cvss": 8.0,
"cvss-time": null,
Expand Down Expand Up @@ -15551,6 +15455,38 @@
"15.2.1258.25": {
"cpe": "cpe:/a:microsoft:exchange_server:2019:cumulative_update_13:*:*:*:*:*:*",
"cves": [
{
"cvss": 8.0,
"cvss-time": null,
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2023-36744",
"last-modified": "2023-09-15T16:30:00",
"summary": "Microsoft Exchange Server Remote Code Execution Vulnerability"
},
{
"cvss": 8.0,
"cvss-time": null,
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2023-36756",
"last-modified": "2023-09-15T14:15:00",
"summary": "Microsoft Exchange Server Remote Code Execution Vulnerability"
},
{
"cvss": 8.0,
"cvss-time": null,
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2023-36745",
"last-modified": "2023-09-15T16:28:00",
"summary": "Microsoft Exchange Server Remote Code Execution Vulnerability"
},
{
"cvss": 8.0,
"cvss-time": null,
"cwe": "NVD-CWE-noinfo",
"id": "CVE-2023-36757",
"last-modified": "2023-09-14T22:37:00",
"summary": "Microsoft Exchange Server Spoofing Vulnerability"
},
{
"cvss": 8.0,
"cvss-time": null,
Expand Down

0 comments on commit ef56ee2

Please sign in to comment.