CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2020-1450
https://notcve.org/view.php?id=CVE-2020-1450
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1451, CVE-2020-1456. Se presenta una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor de SharePoint afectado, también se conoce como "Microsoft Office SharePoint XSS Vulnerability". Este ID de CVE es diferente de CVE-2020-1451, CVE-2020-1456 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1450 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 4%CPEs: 16EXPL: 0CVE-2020-1447
https://notcve.org/view.php?id=CVE-2020-1447
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1448. Se presenta una vulnerabilidad de ejecución de código remota en el software de Microsoft Word cuando no puede manejar apropiadamente objetos en memoria, también se conoce como "Microsoft Word Remote Code Execution Vulnerability". Este ID de CVE es diferente de CVE-2020-1446, CVE-2020-1448 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1447 •
CVSS: 8.8EPSS: 4%CPEs: 16EXPL: 0CVE-2020-1446
https://notcve.org/view.php?id=CVE-2020-1446
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1447, CVE-2020-1448. Se presenta una vulnerabilidad de ejecución de código remota en el software de Microsoft Word cuando no puede manejar apropiadamente objetos en memoria, también se conoce como "Microsoft Word Remote Code Execution Vulnerability". Este ID de CVE es diferente de CVE-2020-1447, CVE-2020-1448 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446 •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2020-1445
https://notcve.org/view.php?id=CVE-2020-1445
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1342. Se presenta una vulnerabilidad de divulgación de información cuando Microsoft Office divulga inapropiadamente el contenido de su memoria, también se conoce como "Microsoft Office Information Disclosure Vulnerability". Este ID de CVE es diferente de CVE-2020-1342 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1445 •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2020-1439 – Microsoft SharePoint Scorecards Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-1439
A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'. Se presenta una vulnerabilidad de ejecución de código remota en PerformancePoint Services para SharePoint Server cuando el software presenta un fallo al comprobar el marcado de origen de una entrada de archivo XML, también se conoce como "PerformancePoint Services Remote Code Execution Vulnerability" This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of controls in the Microsoft.PerformancePoint.Scorecards.Client module. Instantiating the ExcelDataSet control can trigger the deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the SharePoint web server process. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439 https://www.zerodayinitiative.com/advisories/ZDI-20-874 • CWE-502: Deserialization of Untrusted Data •