Lucene search

K
MicrosoftExchange Server

31 matches found

CVE
CVE
added 2021/05/11 7:15 p.m.1655 views

CVE-2021-31207

Microsoft Exchange Server Security Feature Bypass Vulnerability

6.6CVSS8.2AI score0.9393EPSS
CVE
CVE
added 2021/02/25 11:15 p.m.315 views

CVE-2021-24085

Microsoft Exchange Server Spoofing Vulnerability

6.5CVSS6.2AI score0.18028EPSS
CVE
CVE
added 2019/07/15 7:15 p.m.253 views

CVE-2019-1084

An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisib...

6.5CVSS5.3AI score0.07824EPSS
CVE
CVE
added 2021/11/10 1:19 a.m.242 views

CVE-2021-42305

Microsoft Exchange Server Spoofing Vulnerability

6.5CVSS6.5AI score0.10058EPSS
CVE
CVE
added 2022/08/09 8:15 p.m.237 views

CVE-2022-30134

Microsoft Exchange Server Information Disclosure Vulnerability

6.5CVSS7.1AI score0.02141EPSS
CVE
CVE
added 2022/03/09 5:15 p.m.236 views

CVE-2022-24463

Microsoft Exchange Server Spoofing Vulnerability

6.5CVSS6.6AI score0.15029EPSS
CVE
CVE
added 2021/11/10 1:19 a.m.208 views

CVE-2021-41349

Microsoft Exchange Server Spoofing Vulnerability

6.5CVSS6.5AI score0.91436EPSS
CVE
CVE
added 2019/09/11 10:15 p.m.130 views

CVE-2019-1266

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'.

6.1CVSS6.3AI score0.00455EPSS
CVE
CVE
added 2019/04/09 9:29 p.m.112 views

CVE-2019-0858

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0817.

6.1CVSS5.5AI score0.01701EPSS
CVE
CVE
added 2021/10/13 1:15 a.m.102 views

CVE-2021-41350

Microsoft Exchange Server Spoofing Vulnerability

6.5CVSS6.6AI score0.03602EPSS
CVE
CVE
added 2016/01/13 5:59 a.m.101 views

CVE-2016-0030

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."

6.1CVSS5.9AI score0.01465EPSS
CVE
CVE
added 2016/01/13 5:59 a.m.100 views

CVE-2016-0032

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."

6.1CVSS5.9AI score0.01465EPSS
CVE
CVE
added 2020/11/11 7:15 a.m.98 views

CVE-2020-17085

Microsoft Exchange Server Denial of Service Vulnerability

6.2CVSS6.5AI score0.04239EPSS
CVE
CVE
added 2016/01/13 5:59 a.m.95 views

CVE-2016-0031

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0029.

6.1CVSS5.8AI score0.01465EPSS
CVE
CVE
added 2016/01/13 5:59 a.m.94 views

CVE-2016-0029

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0031.

6.1CVSS5.8AI score0.01465EPSS
CVE
CVE
added 2017/03/17 12:59 a.m.87 views

CVE-2017-0110

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook Web Access (OWA) allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability."

6.1CVSS5.9AI score0.01205EPSS
CVE
CVE
added 2018/03/14 5:29 p.m.85 views

CVE-2018-0940

Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumu...

6.5CVSS6.5AI score0.1153EPSS
CVE
CVE
added 2017/07/11 9:29 p.m.83 views

CVE-2017-8560

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability...

6.1CVSS5.9AI score0.0079EPSS
CVE
CVE
added 2018/03/14 5:29 p.m.82 views

CVE-2018-0924

Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server ...

6.5CVSS5.5AI score0.25846EPSS
CVE
CVE
added 2019/01/08 9:29 p.m.80 views

CVE-2019-0588

An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange Server.

6.5CVSS7AI score0.03687EPSS
CVE
CVE
added 2017/07/11 9:29 p.m.76 views

CVE-2017-8621

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability".

6.1CVSS6AI score0.00915EPSS
CVE
CVE
added 2017/09/13 1:29 a.m.71 views

CVE-2017-8758

Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability."

6.1CVSS5.9AI score0.0079EPSS
CVE
CVE
added 2010/05/07 6:30 p.m.65 views

CVE-2010-1690

The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earl...

6.4CVSS6AI score0.54363EPSS
CVE
CVE
added 2015/06/10 1:59 a.m.64 views

CVE-2015-1771

Cross-site request forgery (CSRF) vulnerability in the web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allows remote attackers to hijack the authentication of arbitrary users, aka "Exchange Cross-Site Request Forgery Vulnerability."

6.8CVSS7.3AI score0.02384EPSS
CVE
CVE
added 2013/01/17 1:55 a.m.60 views

CVE-2013-0418

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393. NOTE: the previous information...

6.8CVSS5.9AI score0.25098EPSS
CVE
CVE
added 2017/07/11 9:29 p.m.58 views

CVE-2017-8559

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability...

6.1CVSS5.9AI score0.0079EPSS
CVE
CVE
added 2016/09/14 10:59 a.m.57 views

CVE-2016-3379

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2 allows remote attackers to inject arbitrary web script or HTML via a meeting-invitation request, aka "Microsoft Exchange Elevation of Privilege Vulnerability."

6.1CVSS6.2AI score0.0716EPSS
CVE
CVE
added 2010/05/07 6:30 p.m.53 views

CVE-2010-1689

The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earl...

6.4CVSS6AI score0.54363EPSS
CVE
CVE
added 2004/01/20 5:0 a.m.52 views

CVE-2003-0904

Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Servic...

6CVSS6.7AI score0.21894EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.49 views

CVE-2002-0049

Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.

6.4CVSS6.6AI score0.12213EPSS
CVE
CVE
added 2007/05/08 11:19 p.m.46 views

CVE-2007-0220

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving a...

6.8CVSS6AI score0.46708EPSS