CVSS: 8.8EPSS: 24%CPEs: 3EXPL: 0CVE-2021-40487 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-40487
Microsoft SharePoint Server Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota de Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2021-41344 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the Microsoft.SharePoint.WorkflowActions.SetVariableActivity class. A crafted SetVariableActivity element can result in instantiation of an arbitrary .NET type. An attacker can leverage this vulnerability to execute code in the context of the web service account. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40487 https://www.zerodayinitiative.com/advisories/ZDI-21-1225 •
CVSS: 7.8EPSS: 2%CPEs: 9EXPL: 0CVE-2021-40486 – Microsoft Word Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-40486
Microsoft Word Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota de Microsoft Word This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOC files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40486 https://www.zerodayinitiative.com/advisories/ZDI-21-1158 •
CVSS: 7.8EPSS: 27%CPEs: 10EXPL: 0CVE-2021-40485 – Microsoft Excel Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-40485
Microsoft Excel Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota de Microsoft Excel. Este ID de CVE es diferente de CVE-2021-40471, CVE-2021-40473, CVE-2021-40474, CVE-2021-40479 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40485 •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0CVE-2021-40484 – Microsoft SharePoint Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2021-40484
Microsoft SharePoint Server Spoofing Vulnerability Una vulnerabilidad de Suplantación de Identidad en Microsoft SharePoint. Este ID de CVE es diferente de CVE-2021-40483 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40484 •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2021-38652 – Microsoft SharePoint Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2021-38652
Microsoft SharePoint Server Spoofing Vulnerability Una Vulnerabilidad de Suplantación de Identidad de Microsoft SharePoint Server. Este CVE ID es diferente de CVE-2021-38651 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38652 •