CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2018-0914
https://notcve.org/view.php?id=CVE-2018-0914
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. Microsoft Project Server 2013 SP1 y Microsoft SharePoint Enterprise Server 2016 permiten una vulnerabilidad de elevación de privilegios debido a la forma en la que se sanean las peticiones web especialmente manipuladas. Esto también se conoce como "Microsoft SharePoint Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/103291 http://www.securitytracker.com/id/1040513 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0914 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2018-0911
https://notcve.org/view.php?id=CVE-2018-0911
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. Microsoft Project Server 2013 SP1 y Microsoft SharePoint Enterprise Server 2016 permiten una vulnerabilidad de elevación de privilegios debido a la forma en la que se sanean las peticiones web especialmente manipuladas. Esto también se conoce como "Microsoft SharePoint Elevation of Privilege Vulnerability". El ID de este CVE es diferente de CVE-2018-0909, CVE-2018-0910, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 y CVE-2018-0947. • http://www.securityfocus.com/bid/103281 http://www.securitytracker.com/id/1040513 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0911 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 8%CPEs: 17EXPL: 0CVE-2018-0922
https://notcve.org/view.php?id=CVE-2018-0922
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". Microsoft Office 2010 SP2, 2013 SP1 y 2016, Microsoft Office 2016 Click-to-Run, Microsoft Office 2016 para Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 y Microsoft Word 2016 permiten una vulnerabilidad de ejecución remota de código debido a la forma en la que se gestionan los objetos en la memoria. Esto también se conoce como "Microsoft Office Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/103314 http://www.securitytracker.com/id/1040511 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2018-0910
https://notcve.org/view.php?id=CVE-2018-0910
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. Microsoft Project Server 2013 SP1 y Microsoft SharePoint Enterprise Server 2016 permiten una vulnerabilidad de elevación de privilegios debido a la forma en la que se sanean las peticiones web especialmente manipuladas. Esto también se conoce como "Microsoft SharePoint Elevation of Privilege Vulnerability". El ID de este CVE es diferente de CVE-2018-0909, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 y CVE-2018-0947. • http://www.securityfocus.com/bid/103280 http://www.securitytracker.com/id/1040513 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0910 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2018-0947
https://notcve.org/view.php?id=CVE-2018-0947
Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923 and CVE-2018-0944. Microsoft SharePoint Foundation 2013 SP1 y Microsoft SharePoint Enterprise Server 2016 permiten una vulnerabilidad de elevación de privilegios debido a la forma en la que se sanean las peticiones web especialmente manipuladas. Esto también se conoce como "Microsoft SharePoint Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/103306 http://www.securitytracker.com/id/1040513 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0947 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •