From dff86a0b859962a195570d484a56d0cd8806b291 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 14 Mar 2018 12:09:35 -0400 Subject: [PATCH] - Added submission from Microsoft from 2018-03-14. --- 2018/0xxx/CVE-2018-0787.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0808.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0811.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0813.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0814.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0815.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0816.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0817.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0868.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0872.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0873.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0874.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0875.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0876.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0877.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0878.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0879.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0880.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0881.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0882.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0883.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0884.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0885.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0886.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0888.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0889.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0891.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0893.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0894.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0895.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0896.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0897.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0898.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0899.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0900.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0901.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0902.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0903.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0904.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0907.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0909.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0910.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0911.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0912.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0913.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0914.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0915.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0916.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0917.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0919.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0921.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0922.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0923.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0924.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0925.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0926.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0927.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0929.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0930.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0931.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0932.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0933.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0934.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0935.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0936.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0937.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0939.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0940.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0941.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0942.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0944.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0947.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0977.json | 49 +++++++++++++++++++++++++++++++++--- 2018/0xxx/CVE-2018-0983.json | 49 +++++++++++++++++++++++++++++++++--- 74 files changed, 3404 insertions(+), 222 deletions(-) diff --git a/2018/0xxx/CVE-2018-0787.json b/2018/0xxx/CVE-2018-0787.json index 0c81aee9437..513ea409364 100644 --- a/2018/0xxx/CVE-2018-0787.json +++ b/2018/0xxx/CVE-2018-0787.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0787", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "ASP.NET Core", + "version" : { + "version_data" : [ + { + "version_value" : "ASP.NET Core 1.0. 1.1, and 2.0" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka \"ASP.NET Core Elevation Of Privilege Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0787" } ] } diff --git a/2018/0xxx/CVE-2018-0808.json b/2018/0xxx/CVE-2018-0808.json index 98b24f9e824..aa098dd4ac1 100644 --- a/2018/0xxx/CVE-2018-0808.json +++ b/2018/0xxx/CVE-2018-0808.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0808", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "ASP.NET Core", + "version" : { + "version_data" : [ + { + "version_value" : "ASP.NET Core 1.0. 1.1, and 2.0" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests., aka \"ASP.NET Core Elevation Of Privilege Vulnerability\". This CVE is unique from CVE-2018-0784." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0808" } ] } diff --git a/2018/0xxx/CVE-2018-0811.json b/2018/0xxx/CVE-2018-0811.json index df474d322b5..fb1380d68ab 100644 --- a/2018/0xxx/CVE-2018-0811.json +++ b/2018/0xxx/CVE-2018-0811.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0811", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows kernel", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE is unique from CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0811" } ] } diff --git a/2018/0xxx/CVE-2018-0813.json b/2018/0xxx/CVE-2018-0813.json index 3fece51a78a..31f30734430 100644 --- a/2018/0xxx/CVE-2018-0813.json +++ b/2018/0xxx/CVE-2018-0813.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0813", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows kernel", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE is unique from CVE-2018-0811, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0813" } ] } diff --git a/2018/0xxx/CVE-2018-0814.json b/2018/0xxx/CVE-2018-0814.json index 578cabbb7db..f128a7ea94b 100644 --- a/2018/0xxx/CVE-2018-0814.json +++ b/2018/0xxx/CVE-2018-0814.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0814", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows kernel", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0814" } ] } diff --git a/2018/0xxx/CVE-2018-0815.json b/2018/0xxx/CVE-2018-0815.json index e0be3d7d6f2..8ebf85f8011 100644 --- a/2018/0xxx/CVE-2018-0815.json +++ b/2018/0xxx/CVE-2018-0815.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0815", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows 7 SP1" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows 7 SP1 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka \"Windows GDI Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0816, and CVE-2018-0817." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0815" } ] } diff --git a/2018/0xxx/CVE-2018-0816.json b/2018/0xxx/CVE-2018-0816.json index 5fd1ac7dc1e..d74947ba3a6 100644 --- a/2018/0xxx/CVE-2018-0816.json +++ b/2018/0xxx/CVE-2018-0816.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0816", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka \"Windows GDI Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0815 and CVE-2018-0817." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0816" } ] } diff --git a/2018/0xxx/CVE-2018-0817.json b/2018/0xxx/CVE-2018-0817.json index c04e3ff933f..678961a6608 100644 --- a/2018/0xxx/CVE-2018-0817.json +++ b/2018/0xxx/CVE-2018-0817.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0817", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka \"Windows GDI Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0815 and CVE-2018-0816." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0817" } ] } diff --git a/2018/0xxx/CVE-2018-0868.json b/2018/0xxx/CVE-2018-0868.json index 6bae6538a6a..bc84abe6fb2 100644 --- a/2018/0xxx/CVE-2018-0868.json +++ b/2018/0xxx/CVE-2018-0868.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0868", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows Installer", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Windows Installer in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how input is sanitized, aka \"Windows Installer Elevation of Privilege Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0868" } ] } diff --git a/2018/0xxx/CVE-2018-0872.json b/2018/0xxx/CVE-2018-0872.json index 50a38858277..0ccc8a98dcb 100644 --- a/2018/0xxx/CVE-2018-0872.json +++ b/2018/0xxx/CVE-2018-0872.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0872", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "ChakraCore, Microsoft Edge", + "version" : { + "version_data" : [ + { + "version_value" : "ChakraCore, Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka \"Chakra Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0872" } ] } diff --git a/2018/0xxx/CVE-2018-0873.json b/2018/0xxx/CVE-2018-0873.json index 4d16178d031..bccba195de0 100644 --- a/2018/0xxx/CVE-2018-0873.json +++ b/2018/0xxx/CVE-2018-0873.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0873", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "ChakraCore, Microsoft Edge", + "version" : { + "version_data" : [ + { + "version_value" : "ChakraCore, Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka \"Chakra Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0872, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0873" } ] } diff --git a/2018/0xxx/CVE-2018-0874.json b/2018/0xxx/CVE-2018-0874.json index d33a131d9bf..8162defb2d6 100644 --- a/2018/0xxx/CVE-2018-0874.json +++ b/2018/0xxx/CVE-2018-0874.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0874", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "ChakraCore, Microsoft Edge", + "version" : { + "version_data" : [ + { + "version_value" : "ChakraCore, Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka \"Chakra Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0874" } ] } diff --git a/2018/0xxx/CVE-2018-0875.json b/2018/0xxx/CVE-2018-0875.json index 2a2923ccfd5..626265ab36f 100644 --- a/2018/0xxx/CVE-2018-0875.json +++ b/2018/0xxx/CVE-2018-0875.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0875", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : ".NET Core", + "version" : { + "version_data" : [ + { + "version_value" : ".NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka \".NET Core Denial of Service Vulnerability\"." + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : ".NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka \".NET Core Denial of Service Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Denial of Service" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0875" } ] } diff --git a/2018/0xxx/CVE-2018-0876.json b/2018/0xxx/CVE-2018-0876.json index 4b3ecc0b477..88ab872b58c 100644 --- a/2018/0xxx/CVE-2018-0876.json +++ b/2018/0xxx/CVE-2018-0876.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0876", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft Edge", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0889, CVE-2018-0893, CVE-2018-0925, and CVE-2018-0935." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0876" } ] } diff --git a/2018/0xxx/CVE-2018-0877.json b/2018/0xxx/CVE-2018-0877.json index 0dcf9f42e39..6af974d1b52 100644 --- a/2018/0xxx/CVE-2018-0877.json +++ b/2018/0xxx/CVE-2018-0877.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0877", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows Desktop Bridge Virtual File System", + "version" : { + "version_data" : [ + { + "version_value" : "Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how file paths are managed, aka \"Windows Desktop Bridge VFS Elevation of Privilege Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0877" } ] } diff --git a/2018/0xxx/CVE-2018-0878.json b/2018/0xxx/CVE-2018-0878.json index 604d026a5ae..8b233827ce5 100644 --- a/2018/0xxx/CVE-2018-0878.json +++ b/2018/0xxx/CVE-2018-0878.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0878", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows Remote Assistance", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how XML External Entities (XXE) are processed, aka \"Windows Remote Assistance Information Disclosure Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0878" } ] } diff --git a/2018/0xxx/CVE-2018-0879.json b/2018/0xxx/CVE-2018-0879.json index 57a0f910f35..122f2d34224 100644 --- a/2018/0xxx/CVE-2018-0879.json +++ b/2018/0xxx/CVE-2018-0879.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0879", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft Edge", + "version" : { + "version_data" : [ + { + "version_value" : "Windows 10 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Edge in Windows 10 1709 allows information disclosure, due to how Edge handles objects in memory, aka \"Microsoft Edge Information Disclosure Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0879" } ] } diff --git a/2018/0xxx/CVE-2018-0880.json b/2018/0xxx/CVE-2018-0880.json index 723e97caec3..9843c4e834b 100644 --- a/2018/0xxx/CVE-2018-0880.json +++ b/2018/0xxx/CVE-2018-0880.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0880", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows Desktop Bridge", + "version" : { + "version_data" : [ + { + "version_value" : "Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka \"Windows Desktop Bridge Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0882." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0880" } ] } diff --git a/2018/0xxx/CVE-2018-0881.json b/2018/0xxx/CVE-2018-0881.json index f110e3fa088..eb2b2ddc693 100644 --- a/2018/0xxx/CVE-2018-0881.json +++ b/2018/0xxx/CVE-2018-0881.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0881", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Microsoft Video Control in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege due to how obects are handled in memory, aka \"Microsoft Video Control Elevation of Privilege Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0881" } ] } diff --git a/2018/0xxx/CVE-2018-0882.json b/2018/0xxx/CVE-2018-0882.json index 291600a8dd2..82933e70de9 100644 --- a/2018/0xxx/CVE-2018-0882.json +++ b/2018/0xxx/CVE-2018-0882.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0882", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows Deskop Bridge", + "version" : { + "version_data" : [ + { + "version_value" : "Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka \"Windows Desktop Bridge Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0880." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0882" } ] } diff --git a/2018/0xxx/CVE-2018-0883.json b/2018/0xxx/CVE-2018-0883.json index ad3cf5fa355..8add6b09f7d 100644 --- a/2018/0xxx/CVE-2018-0883.json +++ b/2018/0xxx/CVE-2018-0883.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0883", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows Shell", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how file copy destinations are validated, aka \"Windows Shell Remote Code Execution Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0883" } ] } diff --git a/2018/0xxx/CVE-2018-0884.json b/2018/0xxx/CVE-2018-0884.json index f990068b6eb..18de26607ec 100644 --- a/2018/0xxx/CVE-2018-0884.json +++ b/2018/0xxx/CVE-2018-0884.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0884", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows Scripting Host", + "version" : { + "version_data" : [ + { + "version_value" : "Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Windows Scripting Host (WSH) in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to how objects are handled in memory, aka \"Windows Security Feature Bypass Vulnerability\". This CVE is unique from CVE-2018-0902." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Security Feature Bypass" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0884" } ] } diff --git a/2018/0xxx/CVE-2018-0885.json b/2018/0xxx/CVE-2018-0885.json index b54663f07e8..debb4be49a8 100644 --- a/2018/0xxx/CVE-2018-0885.json +++ b/2018/0xxx/CVE-2018-0885.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0885", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft Hyper-V Network Switch", + "version" : { + "version_data" : [ + { + "version_value" : "64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows a denial of service vulnerability due to how input from a privileged user on a guest operating system is validated, aka \"Hyper-V Denial of Service Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Denial of Service" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0885" } ] } diff --git a/2018/0xxx/CVE-2018-0886.json b/2018/0xxx/CVE-2018-0886.json index ca71be2e96e..6b7dee83d26 100644 --- a/2018/0xxx/CVE-2018-0886.json +++ b/2018/0xxx/CVE-2018-0886.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0886", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates request during the authentication process, aka \"CredSSP Remote Code Execution Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0886" } ] } diff --git a/2018/0xxx/CVE-2018-0888.json b/2018/0xxx/CVE-2018-0888.json index b4774b100b1..4f41b47e9cf 100644 --- a/2018/0xxx/CVE-2018-0888.json +++ b/2018/0xxx/CVE-2018-0888.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0888", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Hyper-V Network SwitchHyper-V Network Switch", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how guest operating system input is validated, aka \"Hyper-V Information Disclosure Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0888" } ] } diff --git a/2018/0xxx/CVE-2018-0889.json b/2018/0xxx/CVE-2018-0889.json index 757b6f67bba..ce7bf7a1807 100644 --- a/2018/0xxx/CVE-2018-0889.json +++ b/2018/0xxx/CVE-2018-0889.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0889", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft Edge", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0876, CVE-2018-0893, CVE-2018-0925, and CVE-2018-0935." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0889" } ] } diff --git a/2018/0xxx/CVE-2018-0891.json b/2018/0xxx/CVE-2018-0891.json index 7b8d71a3304..cf4c6e85be0 100644 --- a/2018/0xxx/CVE-2018-0891.json +++ b/2018/0xxx/CVE-2018-0891.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0891", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "ChakraCore, Microsoft Edge, Internet Explorer", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0939." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0891" } ] } diff --git a/2018/0xxx/CVE-2018-0893.json b/2018/0xxx/CVE-2018-0893.json index 4a9278de954..a39b64d3701 100644 --- a/2018/0xxx/CVE-2018-0893.json +++ b/2018/0xxx/CVE-2018-0893.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0893", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft Edge", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0925, and CVE-2018-0935." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0893" } ] } diff --git a/2018/0xxx/CVE-2018-0894.json b/2018/0xxx/CVE-2018-0894.json index f4c82631af0..49d4ddeb55d 100644 --- a/2018/0xxx/CVE-2018-0894.json +++ b/2018/0xxx/CVE-2018-0894.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0894", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows kernel", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0894" } ] } diff --git a/2018/0xxx/CVE-2018-0895.json b/2018/0xxx/CVE-2018-0895.json index f6fc73c121a..54225fad2ff 100644 --- a/2018/0xxx/CVE-2018-0895.json +++ b/2018/0xxx/CVE-2018-0895.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0895", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows kernel", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0895" } ] } diff --git a/2018/0xxx/CVE-2018-0896.json b/2018/0xxx/CVE-2018-0896.json index c078e502ac6..ac3b87a64d5 100644 --- a/2018/0xxx/CVE-2018-0896.json +++ b/2018/0xxx/CVE-2018-0896.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0896", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows kernel", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0896" } ] } diff --git a/2018/0xxx/CVE-2018-0897.json b/2018/0xxx/CVE-2018-0897.json index 83d31ecdb34..289a11256a0 100644 --- a/2018/0xxx/CVE-2018-0897.json +++ b/2018/0xxx/CVE-2018-0897.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0897", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows kernel", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0897" } ] } diff --git a/2018/0xxx/CVE-2018-0898.json b/2018/0xxx/CVE-2018-0898.json index 25cfcc20b20..a07897667d9 100644 --- a/2018/0xxx/CVE-2018-0898.json +++ b/2018/0xxx/CVE-2018-0898.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0898", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows kernel", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0898" } ] } diff --git a/2018/0xxx/CVE-2018-0899.json b/2018/0xxx/CVE-2018-0899.json index a8d6f27b0e3..f4b484f297e 100644 --- a/2018/0xxx/CVE-2018-0899.json +++ b/2018/0xxx/CVE-2018-0899.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0899", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows kernel", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0899" } ] } diff --git a/2018/0xxx/CVE-2018-0900.json b/2018/0xxx/CVE-2018-0900.json index bc052407028..4a3d140f8ba 100644 --- a/2018/0xxx/CVE-2018-0900.json +++ b/2018/0xxx/CVE-2018-0900.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0900", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows kernel", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0901 and CVE-2018-0926." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0900" } ] } diff --git a/2018/0xxx/CVE-2018-0901.json b/2018/0xxx/CVE-2018-0901.json index 9e98af2fd53..0212da27f4c 100644 --- a/2018/0xxx/CVE-2018-0901.json +++ b/2018/0xxx/CVE-2018-0901.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0901", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows kernel", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0926." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0901" } ] } diff --git a/2018/0xxx/CVE-2018-0902.json b/2018/0xxx/CVE-2018-0902.json index 913fb1a4d3f..15bd6483484 100644 --- a/2018/0xxx/CVE-2018-0902.json +++ b/2018/0xxx/CVE-2018-0902.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0902", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cryptography Next Generation (CNG) kernel-mode driver (cng.sys)", + "version" : { + "version_data" : [ + { + "version_value" : "Windows 10 Gold, 1511, 1607, 1703, and 1709. Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in Windows 10 Gold, 1511, 1607, 1703, and 1709. Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way the kernel-mode driver validates and enforces impersonation levels, aka \"Windows Security Feature Bypass Vulnerability\". This CVE is unique from CVE-2018-0884." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Security Feature Bypass" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0902" } ] } diff --git a/2018/0xxx/CVE-2018-0903.json b/2018/0xxx/CVE-2018-0903.json index db121658688..f432902e760 100644 --- a/2018/0xxx/CVE-2018-0903.json +++ b/2018/0xxx/CVE-2018-0903.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0903", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft Access", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in memory, aka \"Microsoft Access Remote Code Execution Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0903" } ] } diff --git a/2018/0xxx/CVE-2018-0904.json b/2018/0xxx/CVE-2018-0904.json index c16c5c30599..a7140331599 100644 --- a/2018/0xxx/CVE-2018-0904.json +++ b/2018/0xxx/CVE-2018-0904.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0904", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows kernel", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Windows kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows informatio disclosure vulnerability due to how memory addresses are handled, aka \"Windows Kernel Information Disclosure Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0904" } ] } diff --git a/2018/0xxx/CVE-2018-0907.json b/2018/0xxx/CVE-2018-0907.json index 9adafe62cce..3395ca6226e 100644 --- a/2018/0xxx/CVE-2018-0907.json +++ b/2018/0xxx/CVE-2018-0907.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0907", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft Excel", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Excel 2007 SP3, Microssoft Excel 2010 SP2, Microsoft Excel 2013 SP1, Microsoft Excel 2016, Microsoft Office 2016 Click-to-Run and Microsoft Office 2016 for Mac" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Excel 2007 SP3, Microssoft Excel 2010 SP2, Microsoft Excel 2013 SP1, Microsoft Excel 2016, Microsoft Office 2016 Click-to-Run and Microsoft Office 2016 for Mac allow a security feature bypass vulnerability due to how macro settings are enforced, aka \"Microsoft Office Excel Security Feature Bypass\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Security Feature Bypass" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0907" } ] } diff --git a/2018/0xxx/CVE-2018-0909.json b/2018/0xxx/CVE-2018-0909.json index 8c5361dca0f..9f040061d3b 100644 --- a/2018/0xxx/CVE-2018-0909.json +++ b/2018/0xxx/CVE-2018-0909.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0909", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft SharePoint", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0909" } ] } diff --git a/2018/0xxx/CVE-2018-0910.json b/2018/0xxx/CVE-2018-0910.json index ee631d63e9d..83aba4718e0 100644 --- a/2018/0xxx/CVE-2018-0910.json +++ b/2018/0xxx/CVE-2018-0910.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0910", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft SharePoint", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0909, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0910" } ] } diff --git a/2018/0xxx/CVE-2018-0911.json b/2018/0xxx/CVE-2018-0911.json index 674e4409ca6..c5b7611a1a1 100644 --- a/2018/0xxx/CVE-2018-0911.json +++ b/2018/0xxx/CVE-2018-0911.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0911", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft SharePoint", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0911" } ] } diff --git a/2018/0xxx/CVE-2018-0912.json b/2018/0xxx/CVE-2018-0912.json index 8bbf979fede..3e9e9aea8af 100644 --- a/2018/0xxx/CVE-2018-0912.json +++ b/2018/0xxx/CVE-2018-0912.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0912", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft SharePoint", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0912" } ] } diff --git a/2018/0xxx/CVE-2018-0913.json b/2018/0xxx/CVE-2018-0913.json index 09684da949b..3947e62e37d 100644 --- a/2018/0xxx/CVE-2018-0913.json +++ b/2018/0xxx/CVE-2018-0913.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0913", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft SharePoint", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0913" } ] } diff --git a/2018/0xxx/CVE-2018-0914.json b/2018/0xxx/CVE-2018-0914.json index 8dcca4e0ef4..814e1c4a705 100644 --- a/2018/0xxx/CVE-2018-0914.json +++ b/2018/0xxx/CVE-2018-0914.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0914", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft SharePoint", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0914" } ] } diff --git a/2018/0xxx/CVE-2018-0915.json b/2018/0xxx/CVE-2018-0915.json index daaff242138..a130a558da9 100644 --- a/2018/0xxx/CVE-2018-0915.json +++ b/2018/0xxx/CVE-2018-0915.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0915", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft SharePoint", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0914, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0915" } ] } diff --git a/2018/0xxx/CVE-2018-0916.json b/2018/0xxx/CVE-2018-0916.json index 8c879f25bcb..c7ed103f28e 100644 --- a/2018/0xxx/CVE-2018-0916.json +++ b/2018/0xxx/CVE-2018-0916.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0916", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft SharePoint", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0916" } ] } diff --git a/2018/0xxx/CVE-2018-0917.json b/2018/0xxx/CVE-2018-0917.json index 0cbc81b2f2f..881f40e1e60 100644 --- a/2018/0xxx/CVE-2018-0917.json +++ b/2018/0xxx/CVE-2018-0917.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0917", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft SharePoint", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft SharePoint Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0917" } ] } diff --git a/2018/0xxx/CVE-2018-0919.json b/2018/0xxx/CVE-2018-0919.json index 82e4b10bcfb..09ddbcd4707 100644 --- a/2018/0xxx/CVE-2018-0919.json +++ b/2018/0xxx/CVE-2018-0919.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0919", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft Office", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka \"Microsoft Office Information Disclosure Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919" } ] } diff --git a/2018/0xxx/CVE-2018-0921.json b/2018/0xxx/CVE-2018-0921.json index ae019d72f6e..fd7073c5189 100644 --- a/2018/0xxx/CVE-2018-0921.json +++ b/2018/0xxx/CVE-2018-0921.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0921", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft SharePoint", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft SharePoint Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0921" } ] } diff --git a/2018/0xxx/CVE-2018-0922.json b/2018/0xxx/CVE-2018-0922.json index 56b8e2ad187..f8f7687a266 100644 --- a/2018/0xxx/CVE-2018-0922.json +++ b/2018/0xxx/CVE-2018-0922.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0922", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft Office", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka \"Microsoft Office Memory Corruption Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922" } ] } diff --git a/2018/0xxx/CVE-2018-0923.json b/2018/0xxx/CVE-2018-0923.json index 3b6d56cd407..c5750b3a62f 100644 --- a/2018/0xxx/CVE-2018-0923.json +++ b/2018/0xxx/CVE-2018-0923.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0923", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft SharePoint", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft SharePoint Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0944 and CVE-2018-0947." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0923" } ] } diff --git a/2018/0xxx/CVE-2018-0924.json b/2018/0xxx/CVE-2018-0924.json index 5f18dd58d2f..05d6622705e 100644 --- a/2018/0xxx/CVE-2018-0924.json +++ b/2018/0xxx/CVE-2018-0924.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0924", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Exchange Server", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how URL redirects are handled, aka \"Microsoft Exchange Information Disclosure Vulnerability\". This CVE is unique from CVE-2018-0941." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0924" } ] } diff --git a/2018/0xxx/CVE-2018-0925.json b/2018/0xxx/CVE-2018-0925.json index 312781cec7f..ee7ca5ce144 100644 --- a/2018/0xxx/CVE-2018-0925.json +++ b/2018/0xxx/CVE-2018-0925.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0925", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "ChakraCore", + "version" : { + "version_data" : [ + { + "version_value" : "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0893, and CVE-2018-0935." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0925" } ] } diff --git a/2018/0xxx/CVE-2018-0926.json b/2018/0xxx/CVE-2018-0926.json index 83ee95a5d39..13ef6942405 100644 --- a/2018/0xxx/CVE-2018-0926.json +++ b/2018/0xxx/CVE-2018-0926.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0926", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows kernel", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0926" } ] } diff --git a/2018/0xxx/CVE-2018-0927.json b/2018/0xxx/CVE-2018-0927.json index 01786f78cb5..27ff8f9f98e 100644 --- a/2018/0xxx/CVE-2018-0927.json +++ b/2018/0xxx/CVE-2018-0927.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0927", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Internet Explorer, Microsoft Edge", + "version" : { + "version_data" : [ + { + "version_value" : "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709." + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure, due to how Microsoft browsers handle objects in memory, aka \"Microsoft Browser Information Disclosure Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0927" } ] } diff --git a/2018/0xxx/CVE-2018-0929.json b/2018/0xxx/CVE-2018-0929.json index bdd160aad6c..2d7f1ac069e 100644 --- a/2018/0xxx/CVE-2018-0929.json +++ b/2018/0xxx/CVE-2018-0929.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0929", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Internet Explorer", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how Internet Explorer handles objects in memory, aka \"Internet Explorer Information Disclosure Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0929" } ] } diff --git a/2018/0xxx/CVE-2018-0930.json b/2018/0xxx/CVE-2018-0930.json index 123c14219a0..4ff5d139894 100644 --- a/2018/0xxx/CVE-2018-0930.json +++ b/2018/0xxx/CVE-2018-0930.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0930", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "ChakraCore, Microsoft Edge", + "version" : { + "version_data" : [ + { + "version_value" : "ChakraCore and Microsoft Windows 10 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "ChakraCore and Microsoft Edge in Microsoft Windows 10 1709 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka \"Chakra Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0930" } ] } diff --git a/2018/0xxx/CVE-2018-0931.json b/2018/0xxx/CVE-2018-0931.json index acbc7cdf193..a03509b143b 100644 --- a/2018/0xxx/CVE-2018-0931.json +++ b/2018/0xxx/CVE-2018-0931.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0931", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "ChakraCore, Microsoft Edge", + "version" : { + "version_data" : [ + { + "version_value" : "ChakraCore, Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka \"Chakra Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0931" } ] } diff --git a/2018/0xxx/CVE-2018-0932.json b/2018/0xxx/CVE-2018-0932.json index 2623bc1a170..6b86700f30e 100644 --- a/2018/0xxx/CVE-2018-0932.json +++ b/2018/0xxx/CVE-2018-0932.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0932", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Internet Explorer, Microsoft Edge", + "version" : { + "version_data" : [ + { + "version_value" : "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709." + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure, due to how Microsoft browsers handle objects in memory, aka \"Microsoft Browser Information Disclosure Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0932" } ] } diff --git a/2018/0xxx/CVE-2018-0933.json b/2018/0xxx/CVE-2018-0933.json index 18db1cb9464..0c5153c4141 100644 --- a/2018/0xxx/CVE-2018-0933.json +++ b/2018/0xxx/CVE-2018-0933.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0933", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "ChakraCore, Microsoft Edge", + "version" : { + "version_data" : [ + { + "version_value" : "ChakraCore, Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka \"Chakra Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0933" } ] } diff --git a/2018/0xxx/CVE-2018-0934.json b/2018/0xxx/CVE-2018-0934.json index 35344b3024e..8780894b590 100644 --- a/2018/0xxx/CVE-2018-0934.json +++ b/2018/0xxx/CVE-2018-0934.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0934", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "ChakraCore, Microsoft Edge", + "version" : { + "version_data" : [ + { + "version_value" : "ChakraCore, Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka \"Chakra Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0936, and CVE-2018-0937." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0934" } ] } diff --git a/2018/0xxx/CVE-2018-0935.json b/2018/0xxx/CVE-2018-0935.json index af64ca8710d..26b6bd05b8c 100644 --- a/2018/0xxx/CVE-2018-0935.json +++ b/2018/0xxx/CVE-2018-0935.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0935", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Internet Explorer", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0893, and CVE-2018-0925." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0935" } ] } diff --git a/2018/0xxx/CVE-2018-0936.json b/2018/0xxx/CVE-2018-0936.json index 987b478a38d..0a2a2581b2d 100644 --- a/2018/0xxx/CVE-2018-0936.json +++ b/2018/0xxx/CVE-2018-0936.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0936", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "ChakraCore, Microsoft Edge", + "version" : { + "version_data" : [ + { + "version_value" : "ChakraCore and Microsoft Windows 10 1709." + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "ChakraCore and Microsoft Windows 10 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka \"Chakra Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, and CVE-2018-0937." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0936" } ] } diff --git a/2018/0xxx/CVE-2018-0937.json b/2018/0xxx/CVE-2018-0937.json index 90706cbae55..999daf32f54 100644 --- a/2018/0xxx/CVE-2018-0937.json +++ b/2018/0xxx/CVE-2018-0937.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0937", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "ChakraCore, Microsoft Edge", + "version" : { + "version_data" : [ + { + "version_value" : "ChakraCore, and Microsoft Windows 10 1703 and 1709." + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "ChakraCore and Microsoft Windows 10 1703 and 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka \"Chakra Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, and CVE-2018-0936." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0937" } ] } diff --git a/2018/0xxx/CVE-2018-0939.json b/2018/0xxx/CVE-2018-0939.json index cef23e8ffd3..e0a56f7b53c 100644 --- a/2018/0xxx/CVE-2018-0939.json +++ b/2018/0xxx/CVE-2018-0939.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0939", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "ChakraCore, Microsoft Edge", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows 10 1703 and 1709." + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "ChakraCore and Microsoft Edge in Windows 10 1703 and 1709 allow information disclosure, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0891." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0939" } ] } diff --git a/2018/0xxx/CVE-2018-0940.json b/2018/0xxx/CVE-2018-0940.json index 41149c8f883..25826230042 100644 --- a/2018/0xxx/CVE-2018-0940.json +++ b/2018/0xxx/CVE-2018-0940.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0940", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft Exchange Outlook Web Access (OWA)", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allows an elevation of privilege vulnerability due to how links in the body of an email message are rewritten, aka \"Microsoft Exchange Elevation of Privilege Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0940" } ] } diff --git a/2018/0xxx/CVE-2018-0941.json b/2018/0xxx/CVE-2018-0941.json index 026551b7231..4f4146e4e66 100644 --- a/2018/0xxx/CVE-2018-0941.json +++ b/2018/0xxx/CVE-2018-0941.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0941", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Exchange Server", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Exchange Server 2016 Cumulative Update 7 and Microsoft Exchange Server 2016 Cumulative Update 8" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Exchange Server 2016 Cumulative Update 7 and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how data is imported, aka \"Microsoft Exchange Information Disclosure Vulnerability\". This CVE is unique from CVE-2018-0924." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0941" } ] } diff --git a/2018/0xxx/CVE-2018-0942.json b/2018/0xxx/CVE-2018-0942.json index b25c9b84131..e120ce5f868 100644 --- a/2018/0xxx/CVE-2018-0942.json +++ b/2018/0xxx/CVE-2018-0942.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0942", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Internet Explorer", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow elevation of privilege, due to how Internet Explorer handles zone and integrity settings, aka \"Internet Explorer Elevation of Privilege Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0942" } ] } diff --git a/2018/0xxx/CVE-2018-0944.json b/2018/0xxx/CVE-2018-0944.json index f7f9129b67d..cb96bca77a6 100644 --- a/2018/0xxx/CVE-2018-0944.json +++ b/2018/0xxx/CVE-2018-0944.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0944", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft SharePoint", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923 and CVE-2018-0947." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0944" } ] } diff --git a/2018/0xxx/CVE-2018-0947.json b/2018/0xxx/CVE-2018-0947.json index cbaefedb03a..b3001016280 100644 --- a/2018/0xxx/CVE-2018-0947.json +++ b/2018/0xxx/CVE-2018-0947.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0947", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft SharePoint", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923 and CVE-2018-0944." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0947" } ] } diff --git a/2018/0xxx/CVE-2018-0977.json b/2018/0xxx/CVE-2018-0977.json index 841d0455980..4fe2a3e6078 100644 --- a/2018/0xxx/CVE-2018-0977.json +++ b/2018/0xxx/CVE-2018-0977.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0977", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows", + "version" : { + "version_data" : [ + { + "version_value" : "Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Windows kernel mode driver in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of peivilwgw vulnerability due to how objects are handled in memory, aka \"Win32k Elevation of Privilege Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0977" } ] } diff --git a/2018/0xxx/CVE-2018-0983.json b/2018/0xxx/CVE-2018-0983.json index dbfccc8e78e..f883ce485ab 100644 --- a/2018/0xxx/CVE-2018-0983.json +++ b/2018/0xxx/CVE-2018-0983.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-03-14T00:00:00", "ID" : "CVE-2018-0983", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Windows Storage Services", + "version" : { + "version_data" : [ + { + "version_value" : "Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka \"Windows Storage Services Elevation of Privilege Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0983" } ] }