CVSS: 5.7EPSS: 57%CPEs: 20EXPL: 1CVE-2011-1892 – SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure (via XEE)
https://notcve.org/view.php?id=CVE-2011-1892
15 Sep 2011 — Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote a... • https://www.exploit-db.com/exploits/17873 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 61%CPEs: 12EXPL: 0CVE-2010-3214
https://notcve.org/view.php?id=CVE-2010-3214
13 Oct 2010 — Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Word Viewer; Office Web Apps; and Word Web App allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Stack Overflow Vulnerability." Desbordamiento de búfer basado en pila en Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, y 2010; Office 2004 y... • http://www.securityfocus.com/archive/1/514302/100/0/threaded • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •