Sharepoint Server Security Vulnerabilities and Issues — Page 5 of Sharepoint Server CVE List

Lucene search

MicrosoftSharepoint Server

460 matches found

CVE•added 2019/06/12 2:29 p.m.•99 views

CVE-2019-1034

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the fi...

9.3CVSS7.6AI score0.12927EPSS

CVE•added 2020/05/21 11:15 p.m.•99 views

CVE-2020-1099

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1100, CVE-2020-1101, CVE-2020-1106...

5.4CVSS5.1AI score0.01851EPSS

CVE•added 2020/07/14 11:15 p.m.•99 views

CVE-2020-1456

5.4CVSS5.1AI score0.00656EPSS

CVE•added 2020/11/11 7:15 a.m.•99 views

CVE-2020-17061

Microsoft SharePoint Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.11137EPSS

CVE•added 2022/10/11 7:15 p.m.•99 views

CVE-2022-41038

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.05111EPSS

CVE•added 2016/05/11 1:59 a.m.•98 views

CVE-2016-0183

The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Microsoft Office Graphics RCE Vulnerability."

9.3CVSS8.2AI score0.35188EPSS

CVE•added 2020/04/15 3:15 p.m.•98 views

CVE-2020-0971

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, C...

8.8CVSS8.3AI score0.30943EPSS

CVE•added 2020/08/17 7:15 p.m.•98 views

CVE-2020-1499

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.The attacke...

5.5CVSS6.2AI score0.01717EPSS

CVE•added 2020/09/11 5:15 p.m.•98 views

CVE-2020-1595

A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm accoun...

9.9CVSS9.3AI score0.01122EPSS

CVE•added 2020/10/16 11:15 p.m.•98 views

CVE-2020-16944

This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successful...

8.7CVSS8.1AI score0.00584EPSS

CVE•added 2021/01/12 8:15 p.m.•98 views

CVE-2021-1719

Microsoft SharePoint Elevation of Privilege Vulnerability

8CVSS7.8AI score0.01091EPSS

CVE•added 2022/02/09 5:15 p.m.•98 views

CVE-2022-21987

Microsoft SharePoint Server Spoofing Vulnerability

8CVSS8AI score0.05327EPSS

CVE•added 2020/06/09 8:15 p.m.•97 views

CVE-2020-1178

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka 'Microsoft SharePoint Server Elevation of Privilege Vulnerability'.

8.8CVSS8.3AI score0.06667EPSS

CVE•added 2020/07/14 11:15 p.m.•97 views

CVE-2020-1448

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1447.

8.8CVSS8.8AI score0.43263EPSS

CVE•added 2020/08/17 7:15 p.m.•97 views

CVE-2020-1573

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint ...

5.5CVSS6.1AI score0.01125EPSS

CVE•added 2019/04/09 9:29 p.m.•96 views

CVE-2019-0831

5.4CVSS5AI score0.00578EPSS

CVE•added 2020/09/11 5:15 p.m.•96 views

CVE-2020-1338

8.8CVSS7.7AI score0.07867EPSS

CVE•added 2021/01/12 8:15 p.m.•96 views

CVE-2021-1717

Microsoft SharePoint Server Spoofing Vulnerability

5.8CVSS5.5AI score0.00978EPSS

CVE•added 2024/12/12 2:4 a.m.•96 views

CVE-2024-49062

Microsoft SharePoint Information Disclosure Vulnerability

6.5CVSS6.1AI score0.00669EPSS

CVE•added 2020/04/15 3:15 p.m.•95 views

CVE-2020-0920

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, C...

8.8CVSS8.3AI score0.30943EPSS

CVE•added 2020/04/15 3:15 p.m.•95 views

CVE-2020-0978

5.4CVSS5.2AI score0.01102EPSS

CVE•added 2020/06/09 8:15 p.m.•95 views

CVE-2020-1320

5.4CVSS5.1AI score0.00773EPSS

CVE•added 2021/09/15 12:15 p.m.•95 views

CVE-2021-38651

Microsoft SharePoint Server Spoofing Vulnerability

7.6CVSS5.2AI score0.0108EPSS

CVE•added 2021/10/13 1:15 a.m.•95 views

CVE-2021-40483

Microsoft SharePoint Server Spoofing Vulnerability

7.6CVSS5.4AI score0.06439EPSS

CVE•added 2023/08/08 6:15 p.m.•95 views

CVE-2023-36892

Microsoft SharePoint Server Spoofing Vulnerability

8CVSS7.6AI score0.00247EPSS

CVE•added 2017/04/12 2:59 p.m.•94 views

CVE-2017-0195

Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user ...

5.4CVSS5.2AI score0.01103EPSS

CVE•added 2017/09/13 1:29 a.m.•94 views

CVE-2017-8742

A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoin...

9.3CVSS8AI score0.32412EPSS

CVE•added 2019/11/12 7:15 p.m.•94 views

CVE-2019-1446

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.

5.5CVSS5.6AI score0.08477EPSS

CVE•added 2020/03/12 4:15 p.m.•94 views

CVE-2020-0893

5.4CVSS5.1AI score0.00898EPSS

CVE•added 2020/09/11 5:15 p.m.•94 views

CVE-2020-1205

4.9CVSS6AI score0.01581EPSS

CVE•added 2020/06/09 8:15 p.m.•94 views

CVE-2020-1297

5.4CVSS5.1AI score0.00773EPSS

CVE•added 2020/07/14 11:15 p.m.•94 views

CVE-2020-1445

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1342.

5.5CVSS6.1AI score0.28299EPSS

CVE•added 2020/07/14 11:15 p.m.•94 views

CVE-2020-1450

5.4CVSS5.1AI score0.00656EPSS

CVE•added 2020/10/16 11:15 p.m.•94 views

CVE-2020-16942

An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page.To take advantage of th...

4.4CVSS5.7AI score0.00334EPSS

CVE•added 2020/11/11 7:15 a.m.•94 views

CVE-2020-17060

Microsoft SharePoint Server Spoofing Vulnerability

5.8CVSS6.7AI score0.00617EPSS

CVE•added 2016/05/11 1:59 a.m.•93 views

CVE-2016-0140

Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.8AI score0.29275EPSS

CVE•added 2018/07/11 12:29 a.m.•93 views

CVE-2018-8284

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microso...

9.3CVSS7.3AI score0.53408EPSS

CVE•added 2020/08/17 7:15 p.m.•93 views

CVE-2020-1505

An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.To exploit the vulnerability, an attacker would have...

5.5CVSS6.3AI score0.01174EPSS

CVE•added 2020/11/11 7:15 a.m.•93 views

CVE-2020-16979

Microsoft SharePoint Information Disclosure Vulnerability

6.5CVSS5.2AI score0.0305EPSS

CVE•added 2023/07/11 6:15 p.m.•93 views

CVE-2023-33134

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.19297EPSS

CVE•added 2024/07/09 5:15 p.m.•93 views

CVE-2024-32987

Microsoft SharePoint Server Information Disclosure Vulnerability

7.5CVSS7.2AI score0.16251EPSS

CVE•added 2024/07/09 5:15 p.m.•93 views

CVE-2024-38024

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2CVSS7.3AI score0.68797EPSS

CVE•added 2019/05/16 7:29 p.m.•92 views

CVE-2019-0949

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0950, CVE-2019-0951.

5.7CVSS5.4AI score0.07161EPSS

CVE•added 2020/06/09 8:15 p.m.•92 views

CVE-2020-1323

An open redirect vulnerability exists in Microsoft SharePoint that could lead to spoofing.To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, aka 'SharePoint Open Redirect Vulnerability'.

6.1CVSS6.5AI score0.01545EPSS

CVE•added 2020/11/11 7:15 a.m.•92 views

CVE-2020-17015

Microsoft SharePoint Server Spoofing Vulnerability

6.5CVSS4.8AI score0.01235EPSS

CVE•added 2020/11/11 7:15 a.m.•92 views

CVE-2020-17016

Microsoft SharePoint Server Spoofing Vulnerability

8.8CVSS8AI score0.16892EPSS

CVE•added 2022/10/11 7:15 p.m.•92 views

CVE-2022-38053

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.51084EPSS

CVE•added 2022/11/09 10:15 p.m.•92 views

CVE-2022-41062

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.02164EPSS

CVE•added 2019/01/08 9:29 p.m.•91 views

CVE-2019-0558

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint, Micros...

5.4CVSS5.1AI score0.00485EPSS

CVE•added 2019/11/12 7:15 p.m.•91 views

CVE-2019-1442

A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.

5.5CVSS5.9AI score0.07105EPSS

Total number of security vulnerabilities460