CVSS: 8.0EPSS: 2%CPEs: 1EXPL: 0CVE-2020-1182 – Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-1182
A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim server. An authenticated attacker with privileges to import and export data could exploit this vulnerability by sending a specially crafted file to a vulnerable Dynamics server. The security update addresses the vulnerability by correcting how Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11 handles user input. Se presenta una vulnerabilidad de ejecución de código remota en Microsoft Dynamics 365 for Finance and Operations (en sitio) versión 10.0.11, también se conoce como "Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1182 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2020-1493 – Microsoft Outlook Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-1493
An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users. To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting. The security update addresses the vulnerability by correcting how Outlook handles file attachment links. Se presenta una vulnerabilidad de divulgación de información al adjuntar archivos a mensajes de Outlook, también se conoce como "Microsoft Outlook Information Disclosure Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Outlook. • https://github.com/0neb1n/CVE-2020-1493 http://packetstormsecurity.com/files/169960/Microsoft-Outlook-2019-16.0.12624.20424-Out-Of-Bounds-Read.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1493 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-1581 – Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-1581
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) components handle objects in memory. An attacker who successfully exploited the vulnerability could elevate privileges. The attacker would need to already have the ability to execute code on the system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle objects in memory. Se presenta una vulnerabilidad de elevación de privilegios en la manera en que los componentes Microsoft Office Click-to-Run (C2R) manejan objetos en memoria, también se conoce como "Microsoft Office Click-to-Run Elevation of Privilege Vulnerability". This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Office. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1581 •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2020-1458
https://notcve.org/view.php?id=CVE-2020-1458
A remote code execution vulnerability exists when Microsoft Office improperly validates input before loading dynamic link library (DLL) files, aka 'Microsoft Office Remote Code Execution Vulnerability'. Se presenta una vulnerabilidad de ejecución de código remota cuando Microsoft Office comprueba inapropiadamente la entrada antes de cargar archivos dynamic link library (DLL), también se conoce como "Microsoft Office Remote Code Execution Vulnerability" • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1458 • CWE-426: Untrusted Search Path •
CVSS: 9.3EPSS: 1%CPEs: 9EXPL: 0CVE-2020-1449
https://notcve.org/view.php?id=CVE-2020-1449
A remote code execution vulnerability exists in Microsoft Project software when the software fails to check the source markup of a file, aka 'Microsoft Project Remote Code Execution Vulnerability'. Se presenta una vulnerabilidad de ejecución de código remota en el software Microsoft Project cuando el software presenta un fallo al comprobar el marcado de origen de un archivo, también se conoce como "Microsoft Project Remote Code Execution Vulnerability" • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1449 • CWE-346: Origin Validation Error •