CVSS: 7.5EPSS: 0%CPEs: 91EXPL: 1CVE-2019-1006
https://notcve.org/view.php?id=CVE-2019-1006
An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'. Se presenta una vulnerabilidad de omisión de autenticación en Windows Communication Foundation (WCF) y Windows Identity Foundation (WIF), permitiendo la firma de tokens SAML con claves simétricas arbitrarias, también se conoce como "WCF/WIF SAML Token Authentication Bypass Vulnerability". • https://github.com/521526/CVE-2019-1006 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1006 • CWE-295: Improper Certificate Validation •
CVSS: 9.3EPSS: 2%CPEs: 24EXPL: 0CVE-2019-0582 – Microsoft Windows JET Database Engine Uninitialized Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-0582
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0583, CVE-2019-0584. Existe una vulnerabilidad de ejecución remota de código cuando el motor de Windows Jet Database gestiona indebidamente los objetos en la memoria. Esto también se conoce como "Jet Database Engine Remote Code Execution Vulnerability". • http://www.securityfocus.com/bid/106433 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0582 •
CVSS: 9.3EPSS: 97%CPEs: 25EXPL: 1CVE-2019-0541 – Microsoft MSHTML Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-0541
A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus. Existe una vulnerabilidad de ejecución remota de código debido a la forma en la que el motor MSHTML valida indebidamente las entradas. Esto también se conoce como "MSHTML Engine Remote Code Execution Vulnerability". Esto afecta a Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10 y Office 365 ProPlus. • https://www.exploit-db.com/exploits/46536 http://www.securityfocus.com/bid/106402 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0541 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.3EPSS: 15%CPEs: 6EXPL: 0CVE-2018-8582
https://notcve.org/view.php?id=CVE-2018-8582
A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8576. Existe una vulnerabilidad de ejecución remota de código cuando Microsoft Outlook analiza archivos de exportación de reglas especialmente manipulados. Esto también se conoce como "Microsoft Outlook Remote Code Execution Vulnerability". • http://www.securityfocus.com/bid/105825 http://www.securitytracker.com/id/1042110 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8582 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-8427
https://notcve.org/view.php?id=CVE-2018-8427
An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer. Existe una vulnerabilidad de divulgación de información cuando el componente Windows Graphics de Microsoft gestiona los objetos en la memoria. Esto también se conoce como "Microsoft Graphics Components Information Disclosure Vulnerability". Esto afecta a Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer y Microsoft Excel Viewer. • http://www.securityfocus.com/bid/105453 http://www.securitytracker.com/id/1041823 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •