Sharepoint Server Security Vulnerabilities and Issues — Page 2 of Sharepoint Server CVE List

Lucene search

MicrosoftSharepoint Server

464 matches found

CVE•added 2018/08/15 5:29 p.m.•178 views

CVE-2018-8378

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Word, Microsoft SharePoint Server, Microso...

5.5CVSS4.9AI score0.23003EPSS

CVE•added 2020/10/16 11:15 p.m.•177 views

CVE-2020-16929

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administ...

7.8CVSS7.9AI score0.14521EPSS

CVE•added 2018/09/13 12:29 a.m.•176 views

CVE-2018-8426

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint.

5.4CVSS5.5AI score0.00457EPSS

CVE•added 2021/05/11 7:15 p.m.•176 views

CVE-2021-28474

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.14589EPSS

CVE•added 2024/01/09 6:15 p.m.•176 views

CVE-2024-21318

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.6AI score0.15075EPSS

CVE•added 2021/10/13 1:15 a.m.•174 views

CVE-2021-40487

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS7.8AI score0.01447EPSS

CVE•added 2023/07/11 6:15 p.m.•172 views

CVE-2023-33165

Microsoft SharePoint Server Security Feature Bypass Vulnerability

7.5CVSS5.7AI score0.01371EPSS

CVE•added 2023/03/14 5:15 p.m.•171 views

CVE-2023-23395

Microsoft SharePoint Server Spoofing Vulnerability

3.1CVSS4AI score0.00854EPSS

CVE•added 2020/05/21 11:15 p.m.•170 views

CVE-2020-1102

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1024.

8.8CVSS8.3AI score0.46247EPSS

CVE•added 2023/05/09 6:15 p.m.•168 views

CVE-2023-24950

Microsoft SharePoint Server Spoofing Vulnerability

6.5CVSS6.5AI score0.33241EPSS

CVE•added 2011/09/15 12:26 p.m.•167 views

CVE-2011-0653

Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."

4.3CVSS5.5AI score0.47875EPSS

CVE•added 2020/04/15 3:15 p.m.•167 views

CVE-2020-0927

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925...

5.4CVSS5.2AI score0.01102EPSS

CVE•added 2021/08/12 6:15 p.m.•165 views

CVE-2021-36940

Microsoft SharePoint Server Spoofing Vulnerability

7.6CVSS5.5AI score0.00973EPSS

CVE•added 2023/04/11 9:15 p.m.•165 views

CVE-2023-28288

Microsoft SharePoint Server Spoofing Vulnerability

8.1CVSS7.8AI score0.07487EPSS

CVE•added 2012/07/10 9:55 p.m.•163 views

CVE-2012-1863

Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint R...

4.3CVSS5.4AI score0.61898EPSS

CVE•added 2021/07/14 6:15 p.m.•161 views

CVE-2021-34520

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.1AI score0.03751EPSS

CVE•added 2021/07/16 9:15 p.m.•159 views

CVE-2021-34467

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS7.5AI score0.01836EPSS

CVE•added 2013/01/09 6:9 p.m.•158 views

CVE-2013-0007

Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."

9.3CVSS7.5AI score0.26376EPSS

CVE•added 2021/07/14 6:15 p.m.•158 views

CVE-2021-34468

Microsoft SharePoint Server Remote Code Execution Vulnerability

8CVSS7.5AI score0.01861EPSS

CVE•added 2019/08/14 9:15 p.m.•156 views

CVE-2019-1201

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could then...

9.3CVSS7.8AI score0.12398EPSS

CVE•added 2022/04/15 7:15 p.m.•155 views

CVE-2022-24472

Microsoft SharePoint Server Spoofing Vulnerability

8CVSS6.3AI score0.08455EPSS

CVE•added 2020/10/16 11:15 p.m.•154 views

CVE-2020-16945

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint ...

8.7CVSS7.5AI score0.00452EPSS

CVE•added 2021/03/11 4:15 p.m.•154 views

CVE-2021-24104

Microsoft SharePoint Server Spoofing Vulnerability

5.8CVSS4.9AI score0.00536EPSS

CVE•added 2022/01/11 9:15 p.m.•153 views

CVE-2022-21840

Microsoft Office Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.09199EPSS

CVE•added 2012/07/10 9:55 p.m.•151 views

CVE-2012-1859

Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "...

4.3CVSS5.6AI score0.61898EPSS

CVE•added 2021/06/08 11:15 p.m.•149 views

CVE-2021-26420

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS7.2AI score0.0542EPSS

CVE•added 2022/01/11 9:15 p.m.•149 views

CVE-2022-21842

Microsoft Word Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.01897EPSS

CVE•added 2013/09/11 2:3 p.m.•148 views

CVE-2013-3848

Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corrupti...

9.3CVSS7.5AI score0.61623EPSS

CVE•added 2020/12/10 12:15 a.m.•148 views

CVE-2020-17118

Microsoft SharePoint Remote Code Execution Vulnerability

10CVSS8.4AI score0.11171EPSS

CVE•added 2007/05/09 9:19 p.m.•146 views

CVE-2007-2581

Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default....

4.3CVSS5.7AI score0.73346EPSS

CVE•added 2016/06/16 1:59 a.m.•146 views

CVE-2016-0025

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Offi...

9.3CVSS7.2AI score0.24054EPSS

CVE•added 2021/04/13 8:15 p.m.•146 views

CVE-2021-28453

Microsoft Word Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.04334EPSS

CVE•added 2013/03/13 12:55 a.m.•143 views

CVE-2013-0084

Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."

7.5CVSS6.5AI score0.28777EPSS

CVE•added 2013/09/11 2:3 p.m.•143 views

CVE-2013-1330

The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC D...

10CVSS7.4AI score0.67297EPSS

CVE•added 2023/01/10 10:15 p.m.•143 views

CVE-2023-21744

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.02247EPSS

CVE•added 2021/03/11 4:15 p.m.•142 views

CVE-2021-27076

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.09186EPSS

CVE•added 2021/05/11 7:15 p.m.•139 views

CVE-2021-26418

Microsoft SharePoint Server Spoofing Vulnerability

7.1CVSS5.2AI score0.00773EPSS

CVE•added 2021/06/08 11:15 p.m.•139 views

CVE-2021-31966

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2CVSS7.2AI score0.13101EPSS

CVE•added 2021/05/11 7:15 p.m.•138 views

CVE-2021-31172

Microsoft SharePoint Server Spoofing Vulnerability

7.1CVSS6.8AI score0.04736EPSS

CVE•added 2021/01/12 8:15 p.m.•137 views

CVE-2021-1715

Microsoft Word Remote Code Execution Vulnerability

9.3CVSS7.8AI score0.0208EPSS

CVE•added 2021/07/14 6:15 p.m.•137 views

CVE-2021-34519

Microsoft SharePoint Server Information Disclosure Vulnerability

5.3CVSS5.2AI score0.01132EPSS

CVE•added 2013/09/11 2:3 p.m.•136 views

CVE-2013-1315

Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (...

9.3CVSS7.6AI score0.69342EPSS

CVE•added 2020/03/12 4:15 p.m.•136 views

CVE-2020-0850

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0851, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892.

8.8CVSS7.9AI score0.33652EPSS

CVE•added 2020/12/10 12:15 a.m.•136 views

CVE-2020-17122

Microsoft Excel Remote Code Execution Vulnerability

9.3CVSS7.8AI score0.06282EPSS

CVE•added 2013/03/13 12:55 a.m.•135 views

CVE-2013-0080

Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."

7.5CVSS6.5AI score0.41937EPSS

CVE•added 2024/04/09 5:15 p.m.•135 views

CVE-2024-26251

Microsoft SharePoint Server Spoofing Vulnerability

6.8CVSS8.8AI score0.00399EPSS

CVE•added 2013/09/11 2:3 p.m.•134 views

CVE-2013-0081

Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka "SharePoint Denial of Service Vulnerability."

5CVSS6.4AI score0.60252EPSS

CVE•added 2020/09/11 5:15 p.m.•134 views

CVE-2020-1198

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint ...

7.4CVSS7AI score0.00518EPSS

CVE•added 2020/12/10 12:15 a.m.•134 views

CVE-2020-17121

Microsoft SharePoint Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.13285EPSS

CVE•added 2021/05/11 7:15 p.m.•134 views

CVE-2021-31173

Microsoft SharePoint Server Information Disclosure Vulnerability

6.5CVSS5.6AI score0.02944EPSS

Total number of security vulnerabilities464