Page 19 of 504 results (0.005 seconds)

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

Microsoft SharePoint Server Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota de Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2021-34468, CVE-2021-34520 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34467 •

CVSS: 8.8EPSS: 2%CPEs: 3EXPL: 0

Microsoft SharePoint Server Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota de Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2021-34467, CVE-2021-34468 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the Microsoft.SharePoint.WorkflowActions.SetVariableActivity class. A crafted SetVariableActivity element can result in instantiation of an arbitrary .NET type. An attacker can leverage this vulnerability to execute code in the context of the web service account. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34520 https://www.zerodayinitiative.com/advisories/ZDI-21-828 • CWE-502: Deserialization of Untrusted Data •

CVSS: 5.3EPSS: 23%CPEs: 3EXPL: 0

Microsoft SharePoint Server Information Disclosure Vulnerability Una vulnerabilidad de Divulgación de Información de Microsoft SharePoint Server This vulnerability allows network-adjacent attackers to tamper with update data on affected installations of Microsoft SharePoint. User interaction is required to exploit this vulnerability. The specific flaw exists within the handling of SharePoint Help updates. The issue results from a missing integrity check on update downloads. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34519 https://www.zerodayinitiative.com/advisories/ZDI-21-830 •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

Microsoft SharePoint Server Spoofing Vulnerability Una vulnerabilidad de Suplantación de Identidad en Microsoft SharePoint Server • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34517 •

CVSS: 8.0EPSS: 1%CPEs: 3EXPL: 0

Microsoft SharePoint Server Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota de Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2021-34467, CVE-2021-34520 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft SharePoint. User interaction is required to exploit this vulnerability. The specific flaw exists within the parsing of CAB files. When handling filenames specified within a CAB file, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the service account. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34468 https://www.zerodayinitiative.com/advisories/ZDI-21-829 •