CVSS: 9.3EPSS: 25%CPEs: 16EXPL: 0CVE-2019-0585 – Microsoft Office Word wwlib Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-0585
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft SharePoint, Microsoft Office Online Server, Microsoft Word, Microsoft SharePoint Server. Existe una vulnerabilidad de ejecución remota de código en el software de Microsoft Word cuando no gestiona correctamente objetos en la memoria. Esto también se conoce como "Microsoft Word Remote Code Execution Vulnerability". Esto afecta a Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft SharePoint, Microsoft Office Online Server, Microsoft Word y Microsoft SharePoint Server. • http://www.securityfocus.com/bid/106392 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0585 •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-8635
https://notcve.org/view.php?id=CVE-2018-8635
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka "Microsoft SharePoint Server Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. Existe una vulnerabilidad de elevación de privilegios de elevación de privilegios cuando Microsoft SharePoint Server no sanea correctamente una petición de autenticación especialmente manipulada enviada a un servidor SharePoint afectado. Esto también se conoce como "Microsoft SharePoint Elevation of Privilege Vulnerability." Esto afecta a Microsoft SharePoint Server y Microsoft SharePoint. • http://www.securityfocus.com/bid/106121 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8635 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2018-8627
https://notcve.org/view.php?id=CVE-2018-8627
An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598. Existe una vulnerabilidad de divulgación de información cuando el software de Microsoft Excel lee memoria fuera de límites debido a una variable no inicializada, que podría divulgar el contenido de la memoria. Esto también se conoce como "Microsoft Excel Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/106120 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627 • CWE-908: Use of Uninitialized Resource •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2018-8580
https://notcve.org/view.php?id=CVE-2018-8580
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF), aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint. Existe una vulnerabilidad de divulgación de información cuando ciertos modos de la función de búsqueda de Microsoft SharePoint Server son vulnerables a ataques de búsqueda en sitios cruzados (una variante del Cross-Site Request Forgery o CSRF). Esto también se conoce como "Microsoft SharePoint Information Disclosure Vulnerability". Esto afecta a Microsoft SharePoint. • http://www.securityfocus.com/bid/106096 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8580 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 7%CPEs: 15EXPL: 0CVE-2018-8628 – Microsoft Office PowerPoint PPT File Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-8628
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server. Existe una vulnerabilidad de ejecución remota de código en el software de Microsoft PowerPoint cuando no gestiona correctamente objetos en la memoria. Esto también se conoce como "Microsoft PowerPoint Remote Code Execution Vulnerability". Esto afecta a Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server y Microsoft SharePoint Server. • http://www.securityfocus.com/bid/106104 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628 •