CVSS: 5.8EPSS: 1%CPEs: 4EXPL: 0CVE-2018-8159
https://notcve.org/view.php?id=CVE-2018-8159
09 May 2018 — An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server. Existe una vulnerabilidad de elevación de privilegios cuando Microsoft Exchange Outlook Web Access (OWA) fracasa a la hora de gestionar correctamente peticiones web. Esto también se conoce como "Microsoft Exchange Elevation of Privilege Vulnerability". Esto afecta a Microso... • http://www.securityfocus.com/bid/104056 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 76%CPEs: 22EXPL: 1CVE-2018-0986 – Microsoft Windows Defender - 'mpengine.dll' Memory Corruption
https://notcve.org/view.php?id=CVE-2018-0986
04 Apr 2018 — A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection. Existe una vulnerabilidad de... • https://www.exploit-db.com/exploits/44402 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 16%CPEs: 6EXPL: 0CVE-2018-0924
https://notcve.org/view.php?id=CVE-2018-0924
14 Mar 2018 — Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how URL redirects are handled, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0941. Mi... • http://www.securityfocus.com/bid/103320 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.5EPSS: 8%CPEs: 6EXPL: 0CVE-2018-0940
https://notcve.org/view.php?id=CVE-2018-0940
14 Mar 2018 — Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allows an elevation of privilege vulnerability due to how links in the body of an email message are rewritten, aka "Microsoft Exchange Elevat... • http://www.securityfocus.com/bid/103323 •
CVSS: 5.5EPSS: 20%CPEs: 2EXPL: 0CVE-2018-0941
https://notcve.org/view.php?id=CVE-2018-0941
14 Mar 2018 — Microsoft Exchange Server 2016 Cumulative Update 7 and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how data is imported, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0924. Microsoft Exchange Server 2016 Cumulative Update 7 y Microsoft Exchange Server 2016 Cumulative Update 8 permiten una vulnerabilidad de divulgación de información debido a la forma en la que se importan los datos. Esto también se ... • http://www.securityfocus.com/bid/103318 •
CVSS: 8.1EPSS: 12%CPEs: 2EXPL: 0CVE-2017-11932
https://notcve.org/view.php?id=CVE-2017-11932
12 Dec 2017 — Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability". Microsoft Exchange Server 2016 CU5 y Microsoft Exchange Server 2016 CU5 permiten una vulnerabilidad de suplantación por la manera en la que Outlook Web Access (OWA) valida las peticiones web. Esta vulnerabilidad también se conoce como "Microsoft Exchange Spoofing Vulnerability". • http://www.securityfocus.com/bid/102060 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 32%CPEs: 15EXPL: 0CVE-2017-11940 – Microsoft Security Bulletin Summary for December, 2017
https://notcve.org/view.php?id=CVE-2017-11940
08 Dec 2017 — The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". This is different than CVE-2017-11937. Microsoft Malware Protection En... • http://www.securityfocus.com/bid/102104 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 62%CPEs: 15EXPL: 0CVE-2017-11937 – Microsoft Security Bulletin Summary for December, 2017
https://notcve.org/view.php?id=CVE-2017-11937
06 Dec 2017 — The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". Microsoft Malware Protection Engine que se ejecute en Microsoft Forefr... • http://www.securityfocus.com/bid/102070 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 8%CPEs: 5EXPL: 0CVE-2017-11761
https://notcve.org/view.php?id=CVE-2017-11761
13 Sep 2017 — Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability" Microsoft Exchange Server 2013 y Microsoft Exchange Server 2016 permiten que se origine un problema de sanitización de entradas con Microsoft Exchange, lo que podría desembocar en una divulgación de información accidental. Esto también se conoce como "Micros... • http://www.securityfocus.com/bid/100731 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8758
https://notcve.org/view.php?id=CVE-2017-8758
13 Sep 2017 — Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability." Microsoft Exchange Server 2016 permite que ocurra una vulnerabilidad de elevación de privilegios cuando Microsoft Exchange Outlook Web Access (OWA) no maneja las peticiones web correctamente. Esto también se conoce como "Microsoft Exchange Cross-Site Scripting Vulnerability." • http://www.securityfocus.com/bid/100723 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •