CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2018-8627
https://notcve.org/view.php?id=CVE-2018-8627
An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598. Existe una vulnerabilidad de divulgación de información cuando el software de Microsoft Excel lee memoria fuera de límites debido a una variable no inicializada, que podría divulgar el contenido de la memoria. Esto también se conoce como "Microsoft Excel Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/106120 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627 • CWE-908: Use of Uninitialized Resource •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2018-8580
https://notcve.org/view.php?id=CVE-2018-8580
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF), aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint. Existe una vulnerabilidad de divulgación de información cuando ciertos modos de la función de búsqueda de Microsoft SharePoint Server son vulnerables a ataques de búsqueda en sitios cruzados (una variante del Cross-Site Request Forgery o CSRF). Esto también se conoce como "Microsoft SharePoint Information Disclosure Vulnerability". Esto afecta a Microsoft SharePoint. • http://www.securityfocus.com/bid/106096 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8580 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 7%CPEs: 15EXPL: 0CVE-2018-8628 – Microsoft Office PowerPoint PPT File Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-8628
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server. Existe una vulnerabilidad de ejecución remota de código en el software de Microsoft PowerPoint cuando no gestiona correctamente objetos en la memoria. Esto también se conoce como "Microsoft PowerPoint Remote Code Execution Vulnerability". Esto afecta a Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server y Microsoft SharePoint Server. • http://www.securityfocus.com/bid/106104 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628 •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2018-8572
https://notcve.org/view.php?id=CVE-2018-8572
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8568. Existe una vulnerabilidad de elevación de privilegios de elevación de privilegios cuando Microsoft SharePoint Server no sanea correctamente una petición web especialmente manipulada enviada a un servidor SharePoint afectado. Esto también se conoce como "Microsoft SharePoint Elevation of Privilege Vulnerability." • http://www.securityfocus.com/bid/105831 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8572 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2018-8568
https://notcve.org/view.php?id=CVE-2018-8568
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8572. Existe una vulnerabilidad de elevación de privilegios de elevación de privilegios cuando Microsoft SharePoint Server no sanea correctamente una petición web especialmente manipulada enviada a un servidor SharePoint afectado. Esto también se conoce como "Microsoft SharePoint Elevation of Privilege Vulnerability." • http://www.securityfocus.com/bid/105829 http://www.securitytracker.com/id/1042136 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •