Lucene search

K
MicrosoftExchange Server

216 matches found

CVE
CVE
added 2019/11/12 7:15 p.m.114 views

CVE-2019-1373

A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'.

9.8CVSS9.7AI score0.12497EPSS
CVE
CVE
added 2019/04/09 9:29 p.m.112 views

CVE-2019-0817

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0858.

5.8CVSS5.5AI score0.01701EPSS
CVE
CVE
added 2019/04/09 9:29 p.m.112 views

CVE-2019-0858

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0817.

6.1CVSS5.5AI score0.01701EPSS
CVE
CVE
added 2008/07/08 11:41 p.m.107 views

CVE-2008-2248

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247.

4.3CVSS6.2AI score0.25123EPSS
CVE
CVE
added 2020/11/11 7:15 a.m.103 views

CVE-2020-17083

Microsoft Exchange Server Remote Code Execution Vulnerability

5.5CVSS6.3AI score0.43395EPSS
CVE
CVE
added 2021/10/13 1:15 a.m.102 views

CVE-2021-41350

Microsoft Exchange Server Spoofing Vulnerability

6.5CVSS6.6AI score0.03602EPSS
CVE
CVE
added 2016/01/13 5:59 a.m.101 views

CVE-2016-0030

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."

6.1CVSS5.9AI score0.01465EPSS
CVE
CVE
added 2016/01/13 5:59 a.m.100 views

CVE-2016-0032

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."

6.1CVSS5.9AI score0.01465EPSS
CVE
CVE
added 2018/05/09 7:29 p.m.100 views

CVE-2018-8154

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8151.

10CVSS6.9AI score0.18036EPSS
CVE
CVE
added 2019/07/29 2:14 p.m.99 views

CVE-2019-1137

A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.

5.4CVSS5AI score0.00799EPSS
CVE
CVE
added 2020/11/11 7:15 a.m.98 views

CVE-2020-17085

Microsoft Exchange Server Denial of Service Vulnerability

6.2CVSS6.5AI score0.04239EPSS
CVE
CVE
added 2018/10/10 1:29 p.m.97 views

CVE-2018-8265

A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages, aka "Microsoft Exchange Remote Code Execution Vulnerability." This affects Microsoft Exchange Server.

9.3CVSS7.8AI score0.18296EPSS
CVE
CVE
added 2004/11/03 5:0 a.m.96 views

CVE-2004-0574

The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an...

10CVSS7.7AI score0.85365EPSS
CVE
CVE
added 2019/01/08 9:29 p.m.96 views

CVE-2019-0586

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.

10CVSS9.4AI score0.20842EPSS
CVE
CVE
added 2016/01/13 5:59 a.m.95 views

CVE-2016-0031

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0029.

6.1CVSS5.8AI score0.01465EPSS
CVE
CVE
added 2022/08/09 8:15 p.m.95 views

CVE-2022-34692

Microsoft Exchange Server Information Disclosure Vulnerability

5.3CVSS6.4AI score0.01948EPSS
CVE
CVE
added 2016/01/13 5:59 a.m.94 views

CVE-2016-0029

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0031.

6.1CVSS5.8AI score0.01465EPSS
CVE
CVE
added 2018/03/14 5:29 p.m.89 views

CVE-2018-0941

Microsoft Exchange Server 2016 Cumulative Update 7 and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how data is imported, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0924.

5.5CVSS5.5AI score0.25846EPSS
CVE
CVE
added 2018/10/10 1:29 p.m.89 views

CVE-2018-8448

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

5.8CVSS6.1AI score0.00555EPSS
CVE
CVE
added 2013/12/11 12:55 a.m.87 views

CVE-2013-5072

Cross-site scripting (XSS) vulnerability in Outlook Web Access in Microsoft Exchange Server 2010 SP2 and SP3 and 2013 Cumulative Update 2 and 3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability."

4.3CVSS5AI score0.06639EPSS
CVE
CVE
added 2017/03/17 12:59 a.m.87 views

CVE-2017-0110

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook Web Access (OWA) allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability."

6.1CVSS5.9AI score0.01205EPSS
CVE
CVE
added 2018/08/15 5:29 p.m.87 views

CVE-2018-8302

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.

10CVSS9.4AI score0.1694EPSS
CVE
CVE
added 2019/07/29 2:13 p.m.86 views

CVE-2019-1136

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.

8.1CVSS5.7AI score0.05403EPSS
CVE
CVE
added 2018/03/14 5:29 p.m.85 views

CVE-2018-0940

Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumu...

6.5CVSS6.5AI score0.1153EPSS
CVE
CVE
added 2016/09/14 10:59 a.m.83 views

CVE-2016-0138

Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging t...

4.3CVSS4.9AI score0.16066EPSS
CVE
CVE
added 2017/07/11 9:29 p.m.83 views

CVE-2017-8560

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability...

6.1CVSS5.9AI score0.0079EPSS
CVE
CVE
added 2010/12/16 7:33 p.m.82 views

CVE-2010-3937

Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."

4CVSS6.2AI score0.3821EPSS
CVE
CVE
added 2018/03/14 5:29 p.m.82 views

CVE-2018-0924

Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server ...

6.5CVSS5.5AI score0.25846EPSS
CVE
CVE
added 2005/06/14 4:0 a.m.81 views

CVE-2005-0563

Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL ("jav&#X41sc ript:") in an IMG tag.

4.3CVSS5.5AI score0.22959EPSS
CVE
CVE
added 2019/01/08 9:29 p.m.80 views

CVE-2019-0588

An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange Server.

6.5CVSS7AI score0.03687EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.78 views

CVE-1999-0007

Information from SSL-encrypted sessions via PKCS #1.

5CVSS7.4AI score0.05124EPSS
CVE
CVE
added 2017/05/26 8:29 p.m.78 views

CVE-2017-8537

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Excha...

5.5CVSS5.1AI score0.1918EPSS
CVE
CVE
added 2012/12/12 12:55 a.m.77 views

CVE-2012-4791

Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."

3.5CVSS6.3AI score0.367EPSS
CVE
CVE
added 2009/02/10 10:30 p.m.76 views

CVE-2009-0098

Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."

9.3CVSS7.5AI score0.57971EPSS
CVE
CVE
added 2017/07/11 9:29 p.m.76 views

CVE-2017-8621

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability".

6.1CVSS6AI score0.00915EPSS
CVE
CVE
added 2018/12/12 12:29 a.m.76 views

CVE-2018-8604

A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server.

4.3CVSS4.2AI score0.03652EPSS
CVE
CVE
added 2010/04/14 4:0 p.m.74 views

CVE-2010-0024

The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX re...

5CVSS6.2AI score0.40008EPSS
CVE
CVE
added 2016/09/14 10:59 a.m.74 views

CVE-2016-3378

Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "Micro...

7.4CVSS7AI score0.02934EPSS
CVE
CVE
added 2018/05/09 7:29 p.m.72 views

CVE-2018-8151

An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8154.

4.3CVSS6.1AI score0.18036EPSS
CVE
CVE
added 2004/11/03 5:0 a.m.71 views

CVE-2004-0840

The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response messa...

10CVSS7.4AI score0.42549EPSS
CVE
CVE
added 2017/09/13 1:29 a.m.71 views

CVE-2017-8758

Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability."

6.1CVSS5.9AI score0.0079EPSS
CVE
CVE
added 2023/09/12 5:15 p.m.68 views

CVE-2023-36777

Microsoft Exchange Server Information Disclosure Vulnerability

5.7CVSS5.5AI score0.02252EPSS
CVE
CVE
added 2010/05/07 6:30 p.m.65 views

CVE-2010-1690

The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earl...

6.4CVSS6AI score0.54363EPSS
CVE
CVE
added 2015/06/10 1:59 a.m.64 views

CVE-2015-1771

Cross-site request forgery (CSRF) vulnerability in the web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allows remote attackers to hijack the authentication of arbitrary users, aka "Exchange Cross-Site Request Forgery Vulnerability."

6.8CVSS7.3AI score0.02384EPSS
CVE
CVE
added 2015/06/10 1:59 a.m.63 views

CVE-2015-2359

Cross-site scripting (XSS) vulnerability in the web applications in Microsoft Exchange Server 2013 Cumulative Update 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Exchange HTML Injection Vulnerability."

4.3CVSS5.9AI score0.14054EPSS
CVE
CVE
added 2018/05/09 7:29 p.m.63 views

CVE-2018-8159

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

5.8CVSS7AI score0.00997EPSS
CVE
CVE
added 2015/06/10 1:59 a.m.62 views

CVE-2015-1764

The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery (SSRF) issue, aka "Exchange Server-Side Request Forger...

4.3CVSS6.6AI score0.09472EPSS
CVE
CVE
added 2017/12/12 9:29 p.m.62 views

CVE-2017-11932

Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability".

8.1CVSS7.7AI score0.11456EPSS
CVE
CVE
added 2000/03/22 5:0 a.m.61 views

CVE-2000-0216

Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list.

5CVSS6.8AI score0.13016EPSS
CVE
CVE
added 2001/06/02 4:0 a.m.61 views

CVE-2001-0146

IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.

5CVSS6.7AI score0.12277EPSS
Total number of security vulnerabilities216