CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2018-0912
https://notcve.org/view.php?id=CVE-2018-0912
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. Microsoft Project Server 2013 SP1 y Microsoft SharePoint Enterprise Server 2016 permiten una vulnerabilidad de elevación de privilegios debido a la forma en la que se sanean las peticiones web especialmente manipuladas. Esto también se conoce como "Microsoft SharePoint Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/103285 http://www.securitytracker.com/id/1040513 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0912 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2018-0919
https://notcve.org/view.php?id=CVE-2018-0919
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka "Microsoft Office Information Disclosure Vulnerability". Microsoft Office 2010 SP2, 2013 SP1 y 2016, Microsoft Office 2016 Click-to-Run, Microsoft Office 2016 para Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 y Microsoft Word 2016 permiten una vulnerabilidad de divulgación de información debido a la forma en la que se inicializan las variables. Estot ambién se conoce como "Microsoft Office Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/103311 http://www.securitytracker.com/id/1040526 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919 • CWE-125: Out-of-bounds Read CWE-908: Use of Uninitialized Resource •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2018-0923
https://notcve.org/view.php?id=CVE-2018-0923
Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0944 and CVE-2018-0947. Microsoft SharePoint Enterprise Server 2016 permite una vulnerabilidad de elevación de privilegios debido a la forma en la que se sanean las peticiones web especialmente manipuladas. Esto también se conoce como "Microsoft SharePoint Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/103308 http://www.securitytracker.com/id/1040513 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0923 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-0790
https://notcve.org/view.php?id=CVE-2018-0790
Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0789. Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 y Microsoft SharePoint Server 2016 permiten una vulnerabilidad de elevación de privilegios debido a la forma en la que se gestionan las peticiones web. Esto también se conoce como "Microsoft SharePoint Elevation of Privilege Vulnerability". Este CVE es diferente de CVE-2018-0789. • http://www.securityfocus.com/bid/102391 http://www.securitytracker.com/id/1040150 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0790 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0799
https://notcve.org/view.php?id=CVE-2018-0799
Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled, aka "Microsoft Access Tampering Vulnerability". Microsoft Access en Microsoft SharePoint Enterprise Server 2013 y Microsoft SharePoint Enterprise Server 2016 permiten una vulnerabilidad de Cross-Site Scripting (XSS) debido a la forma en la que se gestionan los valores de campo de imagen. Esto también se conoce como "Microsoft Access Tampering Vulnerability". • http://www.securityfocus.com/bid/102411 http://www.securitytracker.com/id/1040157 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0799 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •