Sharepoint Server Security Vulnerabilities and Issues — Page 7 of Sharepoint Server CVE List

Lucene search

MicrosoftSharepoint Server

460 matches found

CVE•added 2020/07/14 11:15 p.m.•83 views

CVE-2020-1451

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1450, CVE-2020-1456.

5.4CVSS5.1AI score0.00656EPSS

CVE•added 2020/09/11 5:15 p.m.•83 views

CVE-2020-1523

A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data.To exploit the vulnerability, an attacker would need to be authenticated on an affected Shar...

8.9CVSS8.3AI score0.02574EPSS

CVE•added 2020/09/11 5:15 p.m.•83 views

CVE-2020-1576

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint s...

8.8CVSS8.6AI score0.00403EPSS

CVE•added 2022/09/13 7:15 p.m.•83 views

CVE-2022-38009

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.04734EPSS

CVE•added 2014/10/15 10:55 a.m.•82 views

CVE-2014-4117

Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code vi...

9.3CVSS8.7AI score0.35711EPSS

CVE•added 2017/03/17 12:59 a.m.•82 views

CVE-2017-0006

Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." T...

9.3CVSS6.7AI score0.23473EPSS

CVE•added 2017/09/13 1:29 a.m.•82 views

CVE-2017-8629

Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint XSS Vulnerability".

5.4CVSS5.6AI score0.009EPSS

CVE•added 2019/09/11 10:15 p.m.•82 views

CVE-2019-1296

A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295.

8.8CVSS8.8AI score0.38462EPSS

CVE•added 2019/11/12 7:15 p.m.•82 views

CVE-2019-1443

An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes.The secu...

6.5CVSS5.8AI score0.15084EPSS

CVE•added 2020/06/09 8:15 p.m.•82 views

CVE-2020-1183

5.4CVSS5.1AI score0.00773EPSS

CVE•added 2020/09/11 5:15 p.m.•82 views

CVE-2020-1482

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint ...

6.3CVSS6.7AI score0.00438EPSS

CVE•added 2016/07/13 1:59 a.m.•81 views

CVE-2016-3279

Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2...

5.5CVSS6.8AI score0.25755EPSS

CVE•added 2016/12/20 6:59 a.m.•81 views

CVE-2016-7290

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (ou...

7.1CVSS6.5AI score0.09192EPSS

CVE•added 2019/09/11 10:15 p.m.•81 views

CVE-2019-1257

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1295, CVE-2019-1296.

8.8CVSS8.8AI score0.38462EPSS

CVE•added 2020/04/15 3:15 p.m.•81 views

CVE-2020-0972

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0975, CVE-2020-0976, CVE-2020-0977.

5.4CVSS5.3AI score0.00612EPSS

CVE•added 2020/05/21 11:15 p.m.•81 views

CVE-2020-1024

8.8CVSS8.3AI score0.46247EPSS

CVE•added 2019/04/09 9:29 p.m.•80 views

CVE-2019-0830

5.4CVSS5AI score0.00578EPSS

CVE•added 2019/07/29 2:13 p.m.•80 views

CVE-2019-1134

5.4CVSS5.7AI score0.00578EPSS

CVE•added 2020/05/21 11:15 p.m.•80 views

CVE-2020-1101

5.4CVSS5.1AI score0.01851EPSS

CVE•added 2020/07/14 11:15 p.m.•80 views

CVE-2020-1443

5.4CVSS6.9AI score0.01514EPSS

CVE•added 2016/04/12 11:59 p.m.•79 views

CVE-2016-0127

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server ...

9.3CVSS7.8AI score0.21675EPSS

CVE•added 2017/03/17 12:59 a.m.•79 views

CVE-2017-0027

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclo...

4.7CVSS5AI score0.29533EPSS

CVE•added 2019/06/12 2:29 p.m.•79 views

CVE-2019-1032

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint ...

5.4CVSS5.1AI score0.00528EPSS

CVE•added 2022/09/13 7:15 p.m.•79 views

CVE-2022-38008

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.04734EPSS

CVE•added 2024/12/12 2:4 a.m.•79 views

CVE-2024-49065

Microsoft Office Remote Code Execution Vulnerability

5.5CVSS5.9AI score0.00187EPSS

CVE•added 2010/06/08 8:30 p.m.•78 views

CVE-2010-1257

Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or ...

4.3CVSS5.4AI score0.44933EPSS

CVE•added 2014/05/14 11:13 a.m.•78 views

CVE-2014-1754

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 2013 Client Components SDK allows remote attackers to inject arbitrary web script or HTML via a crafted...

4.3CVSS4.9AI score0.1316EPSS

CVE•added 2019/05/16 7:29 p.m.•78 views

CVE-2019-0958

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0957.

8.8CVSS8.4AI score0.09363EPSS

CVE•added 2020/05/21 11:15 p.m.•78 views

CVE-2020-1104

5.4CVSS5.4AI score0.00675EPSS

CVE•added 2022/09/13 7:15 p.m.•78 views

CVE-2022-35823

Microsoft SharePoint Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.36344EPSS

CVE•added 2015/10/14 1:59 a.m.•77 views

CVE-2015-2555

Use-after-free vulnerability in Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted calculatedColumnFormula obje...

9.3CVSS7.4AI score0.4881EPSS

CVE•added 2016/07/13 1:59 a.m.•77 views

CVE-2016-3282

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Shar...

9.3CVSS7.6AI score0.41944EPSS

CVE•added 2017/07/11 9:29 p.m.•77 views

CVE-2017-8501

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8502.

9.3CVSS7.8AI score0.29765EPSS

CVE•added 2018/12/12 12:29 a.m.•77 views

CVE-2018-8580

An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF), aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microso...

4.3CVSS4AI score0.06494EPSS

CVE•added 2019/01/08 9:29 p.m.•77 views

CVE-2019-0562

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoin...

5.4CVSS6.2AI score0.00495EPSS

CVE•added 2019/05/16 7:29 p.m.•77 views

CVE-2019-0950

5.7CVSS5.4AI score0.07161EPSS

CVE•added 2020/05/21 11:15 p.m.•77 views

CVE-2020-1105

5.4CVSS5.4AI score0.00675EPSS

CVE•added 2021/12/15 3:15 p.m.•77 views

CVE-2021-43242

Microsoft SharePoint Server Spoofing Vulnerability

7.6CVSS6.4AI score0.00826EPSS

CVE•added 2010/09/17 6:0 p.m.•76 views

CVE-2010-3324

The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting ...

4.3CVSS7.4AI score0.44933EPSS

CVE•added 2016/11/10 6:59 a.m.•76 views

CVE-2016-7233

Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or ...

6.5CVSS6.3AI score0.13703EPSS

CVE•added 2016/12/20 6:59 a.m.•76 views

CVE-2016-7291

7.1CVSS6.5AI score0.09192EPSS

CVE•added 2018/11/14 1:29 a.m.•76 views

CVE-2018-8568

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoin...

5.4CVSS6.3AI score0.00427EPSS

CVE•added 2019/06/12 2:29 p.m.•76 views

CVE-2019-1033

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint ...

5.4CVSS5.1AI score0.00528EPSS

CVE•added 2019/10/10 2:15 p.m.•76 views

CVE-2019-1330

An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1329.

6.5CVSS5.8AI score0.12558EPSS

CVE•added 2016/03/09 11:59 a.m.•75 views

CVE-2016-0134

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Web Apps Server 2...

9.3CVSS7.7AI score0.38562EPSS

CVE•added 2019/05/16 7:29 p.m.•75 views

CVE-2019-0952

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.

8.8CVSS8.9AI score0.37197EPSS

CVE•added 2019/10/10 2:15 p.m.•75 views

CVE-2019-1329

5.4CVSS5.9AI score0.12558EPSS

CVE•added 2020/06/09 8:15 p.m.•75 views

CVE-2020-1318

5.4CVSS5.1AI score0.00773EPSS

CVE•added 2024/09/10 5:15 p.m.•75 views

CVE-2024-43464

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2CVSS7.8AI score0.66597EPSS

CVE•added 2025/01/14 6:16 p.m.•75 views