diff --git a/2018/0xxx/CVE-2018-0764.json b/2018/0xxx/CVE-2018-0764.json index 608816f5284..b141e3a6320 100644 --- a/2018/0xxx/CVE-2018-0764.json +++ b/2018/0xxx/CVE-2018-0764.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-01-09T00:00:00", "ID" : "CVE-2018-0764", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : ".NET Framework and .NET Core", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Denial of Service" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/CVE-2018-0764" } ] } diff --git a/2018/0xxx/CVE-2018-0784.json b/2018/0xxx/CVE-2018-0784.json index dce3de172ac..d4d89d41e33 100644 --- a/2018/0xxx/CVE-2018-0784.json +++ b/2018/0xxx/CVE-2018-0784.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-01-09T00:00:00", "ID" : "CVE-2018-0784", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "ASP.NET Core", + "version" : { + "version_data" : [ + { + "version_value" : "ASP.NET Core 1.0. 1.1, and 2.0" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka \"ASP.NET Core Elevation Of Privilege Vulnerability\". This CVE is unique from CVE-2018-0808." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/CVE-2018-0784" } ] } diff --git a/2018/0xxx/CVE-2018-0785.json b/2018/0xxx/CVE-2018-0785.json index 631fc32f558..a957c07c611 100644 --- a/2018/0xxx/CVE-2018-0785.json +++ b/2018/0xxx/CVE-2018-0785.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-01-09T00:00:00", "ID" : "CVE-2018-0785", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "ASP.NET Core", + "version" : { + "version_data" : [ + { + "version_value" : "ASP.NET Core 1.0. 1.1, and 2.0" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka \"ASP.NET Core Cross Site Request Forgery Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Tampering" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/CVE-2018-0785" } ] } diff --git a/2018/0xxx/CVE-2018-0786.json b/2018/0xxx/CVE-2018-0786.json index da20e62ce8b..0027ad89d5c 100644 --- a/2018/0xxx/CVE-2018-0786.json +++ b/2018/0xxx/CVE-2018-0786.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-01-09T00:00:00", "ID" : "CVE-2018-0786", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : ".NET Framework and .NET Core", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5,4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 and .NET Core 1.0 and 2.0" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7 and .NET Core 1.0 and 2.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka \".NET Security Feature Bypass Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Security Feature Bypass" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/CVE-2018-0786" } ] } diff --git a/2018/0xxx/CVE-2018-0789.json b/2018/0xxx/CVE-2018-0789.json index bd36eb4173a..8f937039492 100644 --- a/2018/0xxx/CVE-2018-0789.json +++ b/2018/0xxx/CVE-2018-0789.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-01-09T00:00:00", "ID" : "CVE-2018-0789", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft SharePoint Server", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0790." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/CVE-2018-0789" } ] } diff --git a/2018/0xxx/CVE-2018-0790.json b/2018/0xxx/CVE-2018-0790.json index 02b3cf27f3c..73335cf0fed 100644 --- a/2018/0xxx/CVE-2018-0790.json +++ b/2018/0xxx/CVE-2018-0790.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-01-09T00:00:00", "ID" : "CVE-2018-0790", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft SharePoint", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0789." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of Privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/CVE-2018-0790" } ] } diff --git a/2018/0xxx/CVE-2018-0791.json b/2018/0xxx/CVE-2018-0791.json index 9d8040fdb5f..ff74dac8ca1 100644 --- a/2018/0xxx/CVE-2018-0791.json +++ b/2018/0xxx/CVE-2018-0791.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-01-09T00:00:00", "ID" : "CVE-2018-0791", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft Outlook", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka \"Microsoft Outlook Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0793." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/CVE-2018-0791" } ] } diff --git a/2018/0xxx/CVE-2018-0792.json b/2018/0xxx/CVE-2018-0792.json index 78f07c309f7..f920292f275 100644 --- a/2018/0xxx/CVE-2018-0792.json +++ b/2018/0xxx/CVE-2018-0792.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-01-09T00:00:00", "ID" : "CVE-2018-0792", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft Word", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Word 2016 and Microsoft SharePoint Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0794." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/CVE-2018-0792" } ] } diff --git a/2018/0xxx/CVE-2018-0793.json b/2018/0xxx/CVE-2018-0793.json index da225d15da7..893e939c52c 100644 --- a/2018/0xxx/CVE-2018-0793.json +++ b/2018/0xxx/CVE-2018-0793.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-01-09T00:00:00", "ID" : "CVE-2018-0793", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft Outlook", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka \"Microsoft Outlook Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0791." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/CVE-2018-0793" } ] } diff --git a/2018/0xxx/CVE-2018-0794.json b/2018/0xxx/CVE-2018-0794.json index f50700301af..e48fdbc5b93 100644 --- a/2018/0xxx/CVE-2018-0794.json +++ b/2018/0xxx/CVE-2018-0794.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-01-09T00:00:00", "ID" : "CVE-2018-0794", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft Word", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0792." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/CVE-2018-0794" } ] } diff --git a/2018/0xxx/CVE-2018-0795.json b/2018/0xxx/CVE-2018-0795.json index 57a456569c1..e8170f48f1e 100644 --- a/2018/0xxx/CVE-2018-0795.json +++ b/2018/0xxx/CVE-2018-0795.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-01-09T00:00:00", "ID" : "CVE-2018-0795", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft Office", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Remote Code Execution Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/CVE-2018-0795" } ] } diff --git a/2018/0xxx/CVE-2018-0796.json b/2018/0xxx/CVE-2018-0796.json index c78d626ce01..79a22d42ba9 100644 --- a/2018/0xxx/CVE-2018-0796.json +++ b/2018/0xxx/CVE-2018-0796.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-01-09T00:00:00", "ID" : "CVE-2018-0796", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft Excel", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/CVE-2018-0796" } ] } diff --git a/2018/0xxx/CVE-2018-0797.json b/2018/0xxx/CVE-2018-0797.json index eb4d7fb4217..d954ca8c402 100644 --- a/2018/0xxx/CVE-2018-0797.json +++ b/2018/0xxx/CVE-2018-0797.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-01-09T00:00:00", "ID" : "CVE-2018-0797", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft Office", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Office" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka \"Microsoft Word Memory Corruption Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/CVE-2018-0797" } ] } diff --git a/2018/0xxx/CVE-2018-0798.json b/2018/0xxx/CVE-2018-0798.json index ae57aef52db..0d5b0d14449 100644 --- a/2018/0xxx/CVE-2018-0798.json +++ b/2018/0xxx/CVE-2018-0798.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-01-09T00:00:00", "ID" : "CVE-2018-0798", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Equation Editor", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Memory Corruption Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/CVE-2018-0798" } ] } diff --git a/2018/0xxx/CVE-2018-0799.json b/2018/0xxx/CVE-2018-0799.json index eab6dd4b7db..e03d97ca5fc 100644 --- a/2018/0xxx/CVE-2018-0799.json +++ b/2018/0xxx/CVE-2018-0799.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-01-09T00:00:00", "ID" : "CVE-2018-0799", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft Access", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled,3aka \"Microsoft Access Tampering Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Tampering" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/CVE-2018-0799" } ] } diff --git a/2018/0xxx/CVE-2018-0801.json b/2018/0xxx/CVE-2018-0801.json index 8cbdff08caa..ce2fb38a364 100644 --- a/2018/0xxx/CVE-2018-0801.json +++ b/2018/0xxx/CVE-2018-0801.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-01-09T00:00:00", "ID" : "CVE-2018-0801", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Equation Editor", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Remote Code Execution Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/CVE-2018-0801" } ] } diff --git a/2018/0xxx/CVE-2018-0802.json b/2018/0xxx/CVE-2018-0802.json index 0a7381ea5ac..c21fe4702a0 100644 --- a/2018/0xxx/CVE-2018-0802.json +++ b/2018/0xxx/CVE-2018-0802.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-01-09T00:00:00", "ID" : "CVE-2018-0802", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Equation Editor", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE is unique from CVE-2018-0797 and CVE-2018-0812." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/CVE-2018-0802" } ] } diff --git a/2018/0xxx/CVE-2018-0804.json b/2018/0xxx/CVE-2018-0804.json index 9542ef12971..b96bbcafb13 100644 --- a/2018/0xxx/CVE-2018-0804.json +++ b/2018/0xxx/CVE-2018-0804.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-01-09T00:00:00", "ID" : "CVE-2018-0804", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Equation Editor", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory ,aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/CVE-2018-0804" } ] } diff --git a/2018/0xxx/CVE-2018-0805.json b/2018/0xxx/CVE-2018-0805.json index 86dd8d1f00a..6549333f7b3 100644 --- a/2018/0xxx/CVE-2018-0805.json +++ b/2018/0xxx/CVE-2018-0805.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-01-09T00:00:00", "ID" : "CVE-2018-0805", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Equation Editor", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory,aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0804, CVE-2018-0806, and CVE-2018-0807" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/CVE-2018-0805" } ] } diff --git a/2018/0xxx/CVE-2018-0806.json b/2018/0xxx/CVE-2018-0806.json index f54ecb18905..e7d30e25f8b 100644 --- a/2018/0xxx/CVE-2018-0806.json +++ b/2018/0xxx/CVE-2018-0806.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-01-09T00:00:00", "ID" : "CVE-2018-0806", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Equation Editor", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0807." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/CVE-2018-0806" } ] } diff --git a/2018/0xxx/CVE-2018-0807.json b/2018/0xxx/CVE-2018-0807.json index 273ee496661..1f0f6aefe9f 100644 --- a/2018/0xxx/CVE-2018-0807.json +++ b/2018/0xxx/CVE-2018-0807.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-01-09T00:00:00", "ID" : "CVE-2018-0807", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Equation Editor", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0806." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/CVE-2018-0807" } ] } diff --git a/2018/0xxx/CVE-2018-0812.json b/2018/0xxx/CVE-2018-0812.json index 045ef441865..614d2806dbe 100644 --- a/2018/0xxx/CVE-2018-0812.json +++ b/2018/0xxx/CVE-2018-0812.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-01-09T00:00:00", "ID" : "CVE-2018-0812", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Equation Editor", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Memory Corruption Vulnerability\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/CVE-2018-0812" } ] } diff --git a/2018/0xxx/CVE-2018-0818.json b/2018/0xxx/CVE-2018-0818.json index 63d698ca811..73238249b2b 100644 --- a/2018/0xxx/CVE-2018-0818.json +++ b/2018/0xxx/CVE-2018-0818.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-01-09T00:00:00", "ID" : "CVE-2018-0818", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "ChakraCore", + "version" : { + "version_data" : [ + { + "version_value" : "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft ChakraCore allows an attacker to bypass Control Flow Guard (CFG) in conjunction with another vulnerability to run arbitrary code on a target system, due to how the Chakra scripting engine handles accessing memory, aka \"Scripting Engine Security Feature Bypass\"." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Security Feature Bypass" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/CVE-2018-0818" } ] } diff --git a/2018/0xxx/CVE-2018-0819.json b/2018/0xxx/CVE-2018-0819.json index 688b1f0c7c0..c8c0d85fbc7 100644 --- a/2018/0xxx/CVE-2018-0819.json +++ b/2018/0xxx/CVE-2018-0819.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "secure@microsoft.com", + "DATE_PUBLIC" : "2018-01-09T00:00:00", "ID" : "CVE-2018-0819", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft Office 2016 for Mac", + "version" : { + "version_data" : [ + { + "version_value" : "Microsoft Office 2016 for Mac" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft Corporation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Microsoft Office 2016 for Mac allows an attacker to send a specially crafted email attachment to a user in an attempt to launch a social engineering attack, such as phishing, due to how Outlook for Mac displays encoded email addresses, aka \"Spoofing Vulnerability in Microsoft Office for Mac.\"" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Spoofing" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/CVE-2018-0819" } ] }