CVSS: 5.4EPSS: 1%CPEs: 3EXPL: 0CVE-2020-1443
https://notcve.org/view.php?id=CVE-2020-1443
14 Jul 2020 — A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. Se presenta una vulnerabilidad de suplantación de identidad cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor de SharePoint afectado, también se conoce como "Microsoft SharePoint Spoofing Vulnerability" • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1443 •
CVSS: 4.3EPSS: 19%CPEs: 3EXPL: 0CVE-2020-1444
https://notcve.org/view.php?id=CVE-2020-1444
14 Jul 2020 — A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. Se presenta una vulnerabilidad de ejecución de código remota en la manera en que el software Microsoft SharePoint analiza los mensajes de correo electrónico especialmente diseñados, también se conoce como "Microsoft SharePoint Remote Code Execution Vulnerability" • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1444 •
CVSS: 8.8EPSS: 20%CPEs: 5EXPL: 0CVE-2020-1439 – Microsoft SharePoint Scorecards Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-1439
14 Jul 2020 — A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'. Se presenta una vulnerabilidad de ejecución de código remota en PerformancePoint Services para SharePoint Server cuando el software presenta un fallo al comprobar el marcado de origen de una entrada de archivo XML, también se conoce como "PerformancePoint Services Remote Code ... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.5EPSS: 17%CPEs: 16EXPL: 0CVE-2020-1342
https://notcve.org/view.php?id=CVE-2020-1342
14 Jul 2020 — An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1445. Se presenta una vulnerabilidad de divulgación de información cuando el software Microsoft Office lee la memoria fuera de limites debido a una variable no inicializada, que podría revelar el contenido de la memoria, también se ... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1342 • CWE-125: Out-of-bounds Read CWE-908: Use of Uninitialized Resource •
CVSS: 8.8EPSS: 92%CPEs: 88EXPL: 9CVE-2020-1147 – Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-1147
14 Jul 2020 — A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'. Se presenta una vulnerabilidad de ejecución de código remota en .NET Framework, Microsoft SharePoint y Visual Studio cuando el software presenta un fallo al comprobar el marcado de origen de una entrada de archivo XML, también se conoce como ... • https://packetstorm.news/files/id/163644 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 8%CPEs: 6EXPL: 0CVE-2020-1025 – Microsoft Office Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-1025
14 Jul 2020 — An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit this vulnerability, an attacker would need to modify the token. The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens. Se presenta una vulnerabilidad de elevac... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 2%CPEs: 3EXPL: 0CVE-2020-1323
https://notcve.org/view.php?id=CVE-2020-1323
09 Jun 2020 — An open redirect vulnerability exists in Microsoft SharePoint that could lead to spoofing.To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, aka 'SharePoint Open Redirect Vulnerability'. Se presenta una vulnerabilidad de redireccionamiento abierto en Microsoft SharePoint que podría conllevar a una suplantación de identidad. Para explotar la vulnerabilidad, un atacante podría enviar un enlace que tenga una URL especialmente di... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1323 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-1318
https://notcve.org/view.php?id=CVE-2020-1318
09 Jun 2020 — A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1320. Se presenta una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada en un servidor S... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1318 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-1320
https://notcve.org/view.php?id=CVE-2020-1320
09 Jun 2020 — A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318. Se presenta una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada en un servidor S... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1320 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-1298
https://notcve.org/view.php?id=CVE-2020-1298
09 Jun 2020 — A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1318, CVE-2020-1320. Se presenta una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada en un servidor S... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1298 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •