Exchange Security Vulnerabilities
7.5CVSS
7.3AI Score
0.002EPSS
8CVSS
8.5AI Score
0.0005EPSS
8CVSS
8.5AI Score
0.0004EPSS
7.2CVSS
8.3AI Score
0.013EPSS
6.5CVSS
6.5AI Score
0.11EPSS
6.5CVSS
7.5AI Score
0.917EPSS
7.8CVSS
8.2AI Score
0.015EPSS
Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize the input to a HTML document field. This could be used for an XSS...
5.4CVSS
5.2AI Score
0.001EPSS
9.8CVSS
9.2AI Score
0.041EPSS
8.8CVSS
9.2AI Score
0.013EPSS
9CVSS
9.2AI Score
0.004EPSS
The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain...
7.8CVSS
7.6AI Score
0.0004EPSS
The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected...
9.8CVSS
9.3AI Score
0.002EPSS
9.1CVSS
8.8AI Score
0.041EPSS
6.6CVSS
8.1AI Score
0.011EPSS
9.1CVSS
8.8AI Score
0.041EPSS
6.5CVSS
6AI Score
0.001EPSS
A spoofing vulnerability exists in Microsoft Exchange Server which could result in an attack that would allow a malicious actor to impersonate the user. This update addresses this vulnerability. To prevent these types of attacks, Microsoft recommends customers to download inline images from...
5.4CVSS
5.6AI Score
0.001EPSS
8.8CVSS
8.2AI Score
0.005EPSS
8.4CVSS
8.9AI Score
0.025EPSS
9.1CVSS
8.9AI Score
0.034EPSS
6.6CVSS
7.6AI Score
0.007EPSS
6.2CVSS
6.3AI Score
0.001EPSS
5.5CVSS
6.7AI Score
0.013EPSS
8.5CVSS
8.4AI Score
0.008EPSS
Arista’s CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (crash and restart) in the ControllerOob agent via a malformed control-plane...
7.5CVSS
7.3AI Score
0.002EPSS
An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user. To exploit the vulnerability, an attacker could include...
7.1CVSS
6.6AI Score
0.001EPSS
A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated....
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number....
9.8CVSS
9.4AI Score
0.017EPSS
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local...
5.5CVSS
6.3AI Score
0.001EPSS
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
5.3CVSS
5AI Score
0.004EPSS
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to...
5.3CVSS
5.3AI Score
0.001EPSS
A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing...
5.4CVSS
5.1AI Score
0.001EPSS
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial...
7CVSS
6.9AI Score
0.001EPSS
Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This affects versions before 8.3.54.138 of Antivirus for Endpoint, Antivirus for Small Business, Exchange Security (Gateway), Internet Security Suite for Windows, Prime, Free Security Suite for Windows, and.....
5.5CVSS
5.4AI Score
0.001EPSS
Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable...
5.5CVSS
6.1AI Score
0.001EPSS
A Denial of Service (infinite loop) vulnerability exists in Avira AntiVir Engine before 8.2.12.58 via an unspecified function in the PDF Scanner...
5.5CVSS
5.5AI Score
0.001EPSS
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege...
8.1CVSS
7.9AI Score
0.003EPSS