CVSS: 8.8EPSS: 5%CPEs: 4EXPL: 0CVE-2021-27076 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27076
11 Mar 2021 — Microsoft SharePoint Server Remote Code Execution Vulnerability Una Vulnerabilidad de Ejecución de Código Remota de Microsoft SharePoint Server This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of InfoPath attachments. Tampering with client-side data can trigger the deserialization of untrusted data. An attacker can leverage thi... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27076 •
CVSS: 8.8EPSS: 29%CPEs: 5EXPL: 0CVE-2020-0931 – Microsoft SharePoint Scorecards Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-0931
15 Apr 2020 — A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974. Hay una vulnerabilidad de ejecución de código remota en Microsoft SharePoint cuando el software da un fallo al comprobar la marcación del origen de un paquete de aplicaciones, también se conoce como ... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0931 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-0795
https://notcve.org/view.php?id=CVE-2020-0795
12 Mar 2020 — This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. This CVE ID is unique from CVE-2020-0891. Esta vulnerabilidad es causada cuando SharePoint Server no sanea apropiadamente una petición especialmente diseñada en un servidor SharePoint... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0795 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-0558
https://notcve.org/view.php?id=CVE-2019-0558
08 Jan 2019 — A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557. Existe una vulnerabilidad de Cross-Site Scripting (XSS) cuando Microsoft SharePoint Server no sanea correctamente una pet... • http://www.securityfocus.com/bid/106389 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 34%CPEs: 4EXPL: 0CVE-2017-0243
https://notcve.org/view.php?id=CVE-2017-0243
11 Jul 2017 — Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8570. Microsoft Office permite una vulnerabilidad de ejecución de código remota debido a la manera en que se manejan los objetos en la memoria, también se conoce como "Microsoft Office Remote Code Execution Vulnerability". Este ID de CVE es diferente del CVE-2017-8570. • http://www.securityfocus.com/bid/99446 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •