Lucene search

K
MicrosoftExchange Server2010

27 matches found

CVE
CVE
added 2020/02/11 10:15 p.m.2559 views

CVE-2020-0688

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.

9CVSS8.5AI score0.94418EPSS
CVE
CVE
added 2021/03/03 12:15 a.m.1779 views

CVE-2021-26858

Microsoft Exchange Server Remote Code Execution Vulnerability

7.8CVSS9.3AI score0.85282EPSS
CVE
CVE
added 2021/03/03 12:15 a.m.1615 views

CVE-2021-26857

Microsoft Exchange Server Remote Code Execution Vulnerability

7.8CVSS9.3AI score0.09045EPSS
CVE
CVE
added 2018/11/14 1:29 a.m.1120 views

CVE-2018-8581

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

7.4CVSS7.4AI score0.90869EPSS
CVE
CVE
added 2020/12/10 12:15 a.m.1087 views

CVE-2020-17144

Microsoft Exchange Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.9206EPSS
CVE
CVE
added 2019/07/15 7:15 p.m.253 views

CVE-2019-1084

An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisib...

6.5CVSS5.3AI score0.07824EPSS
CVE
CVE
added 2019/03/06 12:0 a.m.183 views

CVE-2019-0724

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0686.

9.3CVSS7.5AI score0.59226EPSS
CVE
CVE
added 2019/03/06 12:0 a.m.120 views

CVE-2019-0686

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0724.

7.4CVSS7.5AI score0.59226EPSS
CVE
CVE
added 2019/04/09 9:29 p.m.112 views

CVE-2019-0817

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0858.

5.8CVSS5.5AI score0.01701EPSS
CVE
CVE
added 2018/05/09 7:29 p.m.100 views

CVE-2018-8154

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8151.

10CVSS6.9AI score0.18036EPSS
CVE
CVE
added 2013/12/11 12:55 a.m.87 views

CVE-2013-5072

Cross-site scripting (XSS) vulnerability in Outlook Web Access in Microsoft Exchange Server 2010 SP2 and SP3 and 2013 Cumulative Update 2 and 3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability."

4.3CVSS5AI score0.06639EPSS
CVE
CVE
added 2018/08/15 5:29 p.m.87 views

CVE-2018-8302

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.

10CVSS9.4AI score0.1694EPSS
CVE
CVE
added 2019/07/29 2:13 p.m.86 views

CVE-2019-1136

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.

8.1CVSS5.7AI score0.05403EPSS
CVE
CVE
added 2018/03/14 5:29 p.m.85 views

CVE-2018-0940

Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumu...

6.5CVSS6.5AI score0.1153EPSS
CVE
CVE
added 2016/09/14 10:59 a.m.83 views

CVE-2016-0138

Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging t...

4.3CVSS4.9AI score0.16066EPSS
CVE
CVE
added 2018/03/14 5:29 p.m.82 views

CVE-2018-0924

Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server ...

6.5CVSS5.5AI score0.25846EPSS
CVE
CVE
added 2019/01/08 9:29 p.m.80 views

CVE-2019-0588

An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange Server.

6.5CVSS7AI score0.03687EPSS
CVE
CVE
added 2012/12/12 12:55 a.m.77 views

CVE-2012-4791

Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."

3.5CVSS6.3AI score0.367EPSS
CVE
CVE
added 2017/07/11 9:29 p.m.76 views

CVE-2017-8621

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability".

6.1CVSS6AI score0.00915EPSS
CVE
CVE
added 2010/04/14 4:0 p.m.74 views

CVE-2010-0024

The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX re...

5CVSS6.2AI score0.40008EPSS
CVE
CVE
added 2018/05/09 7:29 p.m.72 views

CVE-2018-8151

An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8154.

4.3CVSS6.1AI score0.18036EPSS
CVE
CVE
added 2010/05/07 6:30 p.m.65 views

CVE-2010-1690

The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earl...

6.4CVSS6AI score0.54363EPSS
CVE
CVE
added 2010/04/14 4:0 p.m.61 views

CVE-2010-0025

The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of i...

5CVSS6.7AI score0.54363EPSS
CVE
CVE
added 2013/01/17 1:55 a.m.60 views

CVE-2013-0418

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393. NOTE: the previous information...

6.8CVSS5.9AI score0.25098EPSS
CVE
CVE
added 2018/09/21 4:29 p.m.58 views

CVE-2018-16793

Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.

8.6CVSS8.4AI score0.0034EPSS
CVE
CVE
added 2014/12/11 12:59 a.m.54 views

CVE-2014-6319

Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, and 2013 SP1 and Cumulative Update 6 does not properly validate tokens in requests, which allows remote attackers to spoof the origin of e-mail messages via unspecified vectors, aka "Outlook Web App Token Spoofing Vulnerability....

5CVSS6.7AI score0.05143EPSS
CVE
CVE
added 2010/05/07 6:30 p.m.53 views

CVE-2010-1689

The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earl...

6.4CVSS6AI score0.54363EPSS