CVSS: 6.1EPSS: 13%CPEs: 7EXPL: 0CVE-2014-1754
https://notcve.org/view.php?id=CVE-2014-1754
14 May 2014 — Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 2013 Client Components SDK allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability." Vulnerabilidad de XSS en Microsoft SharePoint Server 2013 Gold y SP1, SharePoint Foundation 2013 Gold y SP1, Office Web Apps Server 2013 Gold y SP1 y SharePoint Server... • http://www.securityfocus.com/bid/67288 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 92%CPEs: 17EXPL: 2CVE-2014-1761 – Microsoft Word Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2014-1761
24 Mar 2014 — Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014. Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 y SP2, 2013 y 2013 RT; Word View... • https://packetstorm.news/files/id/126071 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 28%CPEs: 13EXPL: 0CVE-2014-0260
https://notcve.org/view.php?id=CVE-2014-0260
15 Jan 2014 — Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability." Microsoft Word 2003 Service Pack 3, 2007 SP3, 2010 SP1 y SP2, 2013, y 2013 RT; cOffice Compatibility Pack SP3; W... • http://www.securitytracker.com/id/1029598 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 11%CPEs: 4EXPL: 0CVE-2013-5059
https://notcve.org/view.php?id=CVE-2013-5059
11 Dec 2013 — Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web Apps 2013, allows remote attackers to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerabilities." Microsoft SharePoint Server 2010 SP1 y SP2 y 2013, y Office Web Apps 2013, permite a atacantes remotos ejecutar código arbitrario a través de un contenido de página manipulado, también conocido como "Vulnerabilidades de contenido SharePoint". • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-100 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 55%CPEs: 18EXPL: 0CVE-2013-3889
https://notcve.org/view.php?id=CVE-2013-3889
09 Oct 2013 — Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Server 2013 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability." Microsoft Excel 2007 SP3, 2010 SP1 y SP2, 2013, y 2013 RT; Office 2007 SP3, 2010 SP1 y SP2, 2013, y 2013 RT; Office para... • http://www.us-cert.gov/ncas/alerts/TA13-288A • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 12%CPEs: 5EXPL: 0CVE-2013-3895
https://notcve.org/view.php?id=CVE-2013-3895
09 Oct 2013 — Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Parameter Injection Vulnerability." Microsoft SharePoint Server 2007 SP3 y 2010 SP1 y SP2 permite a atacantes remotos llevar a cabo ataques clickjacking a través de una página web diseñada, también conocida como "Vulnerabilidad de Inyección de Parámetros". • http://blogs.technet.com/b/srd/archive/2013/10/08/assessing-risk-for-the-october-2013-security-updates.aspx • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 48%CPEs: 13EXPL: 0CVE-2013-3847
https://notcve.org/view.php?id=CVE-2013-3847
11 Sep 2013 — Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858. Microsoft Word Automation Services en SharePoint Serve... • http://www.us-cert.gov/ncas/alerts/TA13-253A • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 46%CPEs: 7EXPL: 0CVE-2013-3848
https://notcve.org/view.php?id=CVE-2013-3848
11 Sep 2013 — Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3849, and CVE-2013-3858. Microsoft Word Automation Services en SharePoint Serve... • http://www.us-cert.gov/ncas/alerts/TA13-253A • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 46%CPEs: 8EXPL: 0CVE-2013-3849
https://notcve.org/view.php?id=CVE-2013-3849
11 Sep 2013 — Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3858. Microsoft Word Automation Services en SharePoint Serve... • http://www.us-cert.gov/ncas/alerts/TA13-253A • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 46%CPEs: 12EXPL: 0CVE-2013-3857
https://notcve.org/view.php?id=CVE-2013-3857
11 Sep 2013 — Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 and SP2, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability." Microsoft Word Automation Services en SharePoint Server 2010 SP1 y SP2, Word Web App 2010 SP1 y SP2 en Office ... • http://www.us-cert.gov/ncas/alerts/TA13-253A • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •