CVSS: 8.8EPSS: 4%CPEs: 4EXPL: 0CVE-2021-27076 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27076
Microsoft SharePoint Server Remote Code Execution Vulnerability Una Vulnerabilidad de Ejecución de Código Remota de Microsoft SharePoint Server This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of InfoPath attachments. Tampering with client-side data can trigger the deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the SharePoint web server process. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27076 https://www.zerodayinitiative.com/advisories/ZDI-21-276 •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2020-0931 – Microsoft SharePoint Scorecards Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-0931
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974. Hay una vulnerabilidad de ejecución de código remota en Microsoft SharePoint cuando el software da un fallo al comprobar la marcación del origen de un paquete de aplicaciones, también se conoce como "Microsoft SharePoint Remote Code Execution Vulnerability". Este ID de CVE es diferente de CVE-2020-0920, CVE-2020-0929, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0931 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2020-0795
https://notcve.org/view.php?id=CVE-2020-0795
This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. This CVE ID is unique from CVE-2020-0891. Esta vulnerabilidad es causada cuando SharePoint Server no sanea apropiadamente una petición especialmente diseñada en un servidor SharePoint afectado. Un atacante autenticado podría explotar esta vulnerabilidad mediante el envío de una petición especialmente diseñada hacia un servidor SharePoint afectado, también se conoce como "Microsoft SharePoint Reflective XSS Vulnerability". Este ID de CVE es diferente de CVE-2020-0891. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0795 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2019-0558
https://notcve.org/view.php?id=CVE-2019-0558
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557. Existe una vulnerabilidad de Cross-Site Scripting (XSS) cuando Microsoft SharePoint Server no sanea correctamente una petición web especialmente manipulada enviada a un servidor SharePoint afectado. Esto también se conoce como "Microsoft Office SharePoint XSS Vulnerability". • http://www.securityfocus.com/bid/106389 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0558 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 18%CPEs: 4EXPL: 0CVE-2017-0243
https://notcve.org/view.php?id=CVE-2017-0243
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8570. Microsoft Office permite una vulnerabilidad de ejecución de código remota debido a la manera en que se manejan los objetos en la memoria, también se conoce como "Microsoft Office Remote Code Execution Vulnerability". Este ID de CVE es diferente del CVE-2017-8570. • http://www.securityfocus.com/bid/99446 http://www.securitytracker.com/id/1038851 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0243 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •