CVSS: 9.3EPSS: 13%CPEs: 10EXPL: 0CVE-2018-1028
https://notcve.org/view.php?id=CVE-2018-1028
A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server. Existe una vulnerabilidad de ejecución remota de código cuando el componente de gráficos de Office gestiona fuentes embebidas especialmente manipuladas. Esto también se conoce como "Microsoft Office Graphics Remote Code Execution Vulnerability". Esto afecta a Word, Microsoft Office, Microsoft SharePoint, Excel y Microsoft SharePoint Server. • http://www.securityfocus.com/bid/103641 http://www.securitytracker.com/id/1040654 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1028 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2018-0944
https://notcve.org/view.php?id=CVE-2018-0944
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923 and CVE-2018-0947. Microsoft Project Server 2013 SP1 y Microsoft SharePoint Enterprise Server 2016 permiten una vulnerabilidad de elevación de privilegios debido a la forma en la que se sanean las peticiones web especialmente manipuladas. Esto también se conoce como "Microsoft SharePoint Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/103304 http://www.securitytracker.com/id/1040513 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0944 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2018-0915
https://notcve.org/view.php?id=CVE-2018-0915
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0914, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. Microsoft Project Server 2013 SP1 y Microsoft SharePoint Enterprise Server 2016 permiten una vulnerabilidad de elevación de privilegios debido a la forma en la que se sanean las peticiones web especialmente manipuladas. Esto también se conoce como "Microsoft SharePoint Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/103293 http://www.securitytracker.com/id/1040513 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0915 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2018-0916
https://notcve.org/view.php?id=CVE-2018-0916
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. Microsoft Project Server 2013 SP1 y Microsoft SharePoint Enterprise Server 2016 permiten una vulnerabilidad de elevación de privilegios debido a la forma en la que se sanean las peticiones web especialmente manipuladas. Esto también se conoce como "Microsoft SharePoint Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/103294 http://www.securitytracker.com/id/1040513 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0916 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2018-0913
https://notcve.org/view.php?id=CVE-2018-0913
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. >Microsoft Project Server 2013 SP1 y Microsoft SharePoint Enterprise Server 2016 permiten una vulnerabilidad de elevación de privilegios debido a la forma en la que se sanean las peticiones web especialmente manipuladas. Esto también se conoce como "Microsoft SharePoint Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/103290 http://www.securitytracker.com/id/1040513 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0913 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •