Lucene search
+L
MicrosoftSharepoint Server-

72 matches found

CVE
CVE
added 2023/02/14 7:33 p.m.700 views

CVE-2023-21716

CVE-2023-21716 corresponds to a Microsoft Word/Office remote code execution vulnerability. A heap corruption flaw resides in Word’s wwlib when parsing RTF font tables with an excessive number of fonts in the fonttbl, causing an out-of-bounds write that can lead to arbitrary code execution when a ...

9.8CVSS9.6AI score0.82302EPSS
In wild
CVE
CVE
added 2022/02/09 4:36 p.m.596 views

CVE-2022-22005

CVE-2022-22005 – Microsoft SharePoint Server RCE is an authenticated-execution flaw in SharePoint Server. The initial document states that an authenticated user with Manage Lists permissions could cause arbitrary .NET code to run on the SharePoint Web Application service account. Exploitation wou...

8.8CVSS8.8AI score0.16825EPSS
In wild
CVE
CVE
added 2023/09/12 4:58 p.m.470 views

CVE-2023-36764

CVE-2023-36764 affects Microsoft SharePoint Server and is an Elevation of Privilege vulnerability. The connected CNVD entry confirms an elevation of privilege issue exists in SharePoint Server; MSRC details indicate a patch exists for SharePoint Server 2019 (KB5002472). The remediation requires i...

8.8CVSS8.5AI score0.02254EPSS
CVE
CVE
added 2023/05/09 5:3 p.m.426 views

CVE-2023-24955

CVE-2023-24955 affects Microsoft SharePoint Server and is a remote code execution vulnerability. The CISA/KEV records describe it as a code injection flaw that can be exploited by an authenticated attacker with Site Owner privileges to execute code remotely, indicating attacker-controlled code ex...

7.2CVSS8.6AI score0.85395EPSS
In wild
CVE
CVE
added 2024/07/09 5:3 p.m.355 views

CVE-2024-38094

CVE-2024-38094 is a Microsoft SharePoint deserialization vulnerability that allows remote code execution. Connected sources indicate an authenticated attacker with Site Owner permissions can inject and execute arbitrary code on the SharePoint server, with exploit activity noted in the wild (CISA ...

7.2CVSS7.5AI score0.47826EPSS
In wild
CVE
CVE
added 2022/02/09 4:36 p.m.293 views

CVE-2022-21968

Technical details about CVE-2022-21968 are not provided in the supplied connected documents. Monitor for updates from official sources to obtain affected products, root cause, impact, and remediation information.

4.3CVSS6.1AI score0.02134EPSS
CVE
CVE
added 2022/05/10 8:34 p.m.286 views

CVE-2022-29108

CVE-2022-29108 affects Microsoft SharePoint Server. The connected docs confirm a remote code execution vulnerability with high impact (CVSS 3.1 base 8.8; CVSS 2.0 base 6.5). Remediation: apply the security update KB5002203 for SharePoint Foundation 2013 and follow Microsoft guidance to mitigate. ...

8.8CVSS8.7AI score0.11576EPSS
CVE
CVE
added 2024/03/12 4:57 p.m.268 views

CVE-2024-21426

CVE-2024-21426 is a Microsoft SharePoint Server remote code execution vulnerability. Publicly documented impact affects multiple SharePoint products, including SharePoint Server 2019, SharePoint Server Subscription Edition, SharePoint Enterprise Server 2016, and related on-premises deployments. R...

7.8CVSS7.7AI score0.02109EPSS
CVE
CVE
added 2023/01/10 12:0 a.m.233 views

CVE-2023-21742

CVE-2023-21742 affects Microsoft SharePoint Server family. A GitHub PoC for CVE-2023-21742 demonstrates an Improper Access Control path in SharePoint’s webpartpages (POST to _vti_bin/webpartpages.asmx, ConvertWebPartFormat) that leaks an attribute/property; the PoC explicitly notes it is not a fu...

8.8CVSS8.8AI score0.55786EPSS
CVE
CVE
added 2022/06/15 9:52 p.m.223 views

CVE-2022-30172

CVE-2022-30172 is an Microsoft Office information disclosure vulnerability. Connected documents indicate remediation via Microsoft security updates KB5002062/KB5002222/KB5002224/KB5002214 addressing Office/SharePoint components in various Server editions. Exploitation details and affected product...

5.5CVSS6AI score0.02422EPSS
CVE
CVE
added 2023/05/09 5:3 p.m.217 views

CVE-2023-24954

Public technical details (affected product, root cause, impact, or fixes) for CVE-2023-24954 are not provided in the connected documents. Monitor for updates from official advisories.

6.5CVSS6.4AI score0.01786EPSS
CVE
CVE
added 2022/01/11 8:22 p.m.211 views

CVE-2022-21837

CVE-2022-21837 is a remote code execution vulnerability in Microsoft SharePoint Server (on‑prem). Connected sources confirm that exploitation could allow an attacker to run arbitrary code on the SharePoint server (e.g., potentially escalate to SharePoint admin) if the vulnerable SharePoint Server...

9CVSS8.6AI score0.02837EPSS
CVE
CVE
added 2023/01/10 12:0 a.m.211 views

CVE-2023-21743

Mode C CVE-2023-21743 affects Microsoft SharePoint Server and is a security feature bypass vulnerability. An unauthenticated attacker could bypass authentication and establish an anonymous connection to a vulnerable SharePoint farm. Exploitation requires triggering a SharePoint upgrade action, wh...

5.3CVSS6.4AI score0.01124EPSS
CVE
CVE
added 2023/04/11 7:13 p.m.210 views

CVE-2023-28288

CVE-2023-28288 is a network-exploitable spoofing vulnerability affecting Microsoft SharePoint Server families. Public references (Exploit-DB entry) show a remote exploit against SharePoint Enterprise Server 2016, aligning with the vulnerability class described as spoofing in the CVE record. The C...

8.1CVSS7.8AI score0.06233EPSS
Web
CVE
CVE
added 2023/11/14 5:57 p.m.210 views

CVE-2023-38177

CVE-2023-38177 is a Microsoft SharePoint Server remote code execution vulnerability. Public updates exist for multiple SharePoint products to remediate it: SharePoint Server 2016/Enterprise Server: KB5002517 (build 16.0.5422.1000) SharePoint Server 2019: KB5002526 (build 16.0.10404.20003) SharePo...

6.8CVSS6.7AI score0.03409EPSS
CVE
CVE
added 2024/01/09 5:57 p.m.205 views

CVE-2024-21318

CVE-2024-21318 affects Microsoft SharePoint Server and is described as a remote code execution vulnerability. The CVE entry lists a CVSS v3.1 base score of 8.8 ( HIGH ) with network attack vector, low attack complexity, and privileges required as LOW, no user interaction, and impact on confidenti...

8.8CVSS8.6AI score0.30801EPSS
CVE
CVE
added 2023/03/14 4:55 p.m.204 views

CVE-2023-23395

CVE-2023-23395 relates to a spoofing vulnerability in Microsoft SharePoint Server. The connected sources confirm: (1) affected product is SharePoint Server; (2) root cause described as spoofing in SharePoint components; (3) CVSSv3.1 base score of 3.1 (LOW) with network attack vector, high complex...

3.1CVSS4AI score0.00605EPSS
CVE
CVE
added 2022/01/11 8:22 p.m.196 views

CVE-2022-21840

CVE-2022-21840 is a Microsoft Office remote code execution vulnerability. Public documentation notes an Office RCE that can be exploited via social engineering (e.g., opening a malicious attachment or visiting a malicious site) and may require user interaction. The CVSS details indicate high impa...

8.8CVSS8.8AI score0.02924EPSS
CVE
CVE
added 2023/05/09 5:3 p.m.195 views

CVE-2023-24950

CVE-2023-24950 is a Microsoft SharePoint Server spoofing vulnerability. Public docs identify affected platforms as SharePoint Server (2016/2019 and Subscription Edition) and describe the root cause as a spoofing flaw in the server, enabling spoofing attacks. The connected Nessus entries tie this ...

6.5CVSS6.5AI score0.67452EPSS
CVE
CVE
added 2023/07/11 5:2 p.m.190 views

CVE-2023-33165

CVE-2023-33165 affects Microsoft SharePoint Server (SharePoint Server 2019 Update). The connected documents identify a security feature bypass vulnerability in SharePoint Server that can bypass security restrictions. Remediation is provided via security update KB5002423 (build 16.0.10400.20008) f...

7.5CVSS5.7AI score0.01132EPSS
CVE
CVE
added 2022/04/15 7:2 p.m.187 views

CVE-2022-24472

CVE-2022-24472 is a Microsoft SharePoint Server spoofing vulnerability. Connected sources confirm affected product family (SharePoint Server variants) and indicate remediation via security updates KB5002191 (SharePoint Server Subscription Edition) and KB5002180 (SharePoint Server 2019), which add...

8CVSS6.3AI score0.01881EPSS
CVE
CVE
added 2023/01/10 12:0 a.m.163 views

CVE-2023-21744

CVE-2023-21744 is a Microsoft SharePoint Server remote code execution vulnerability. Connected sources confirm that it affects SharePoint Server products (Foundation 2013, Server 2016/2019 and subscriptions) and that exploitation leads to arbitrary code execution with network access and no user i...

8.8CVSS8.8AI score0.02845EPSS
CVE
CVE
added 2024/09/10 4:53 p.m.157 views

CVE-2024-38018

CVE-2024-38018 affects Microsoft SharePoint Server and is described as a remote code execution vulnerability. Connected sources indicate the issue arises from improper handling of serialized instances of the SPThemes class, enabling an attacker to execute arbitrary code on the target system. Repo...

8.8CVSS8.7AI score0.51461EPSS
CVE
CVE
added 2023/02/14 7:33 p.m.154 views

CVE-2023-21717

CVE-2023-21717 affects Microsoft SharePoint Server as an Elevation of Privilege vulnerability. Connected sources confirm affected SharePoint Server family (2013/2016/2019 and Subscription/Foundation variants) with multiple references to CVE-21717 and CVE-21716; the exact root cause is not detaile...

8.8CVSS8.5AI score0.01095EPSS
CVE
CVE
added 2022/06/15 9:51 p.m.150 views

CVE-2022-30157

CVE-2022-30157 relates to Microsoft SharePoint Server remote code execution. CNVD-2022-59590 and the MSRC advisory KB5002224 describe a remote-code-execution vulnerability in SharePoint Server (Subscription Edition included). The patch KB5002224 (June 14, 2022) mitigates this by applying security...

8.8CVSS8.7AI score0.07366EPSS
CVE
CVE
added 2023/06/13 11:26 p.m.149 views

CVE-2023-33129

Technical details about CVE-2023-33129 are not provided in the supplied documents. No specific affected product/version/exploit data is disclosed here. Monitor for updates from official advisories.

6.5CVSS6.6AI score0.01985EPSS
CVE
CVE
added 2022/11/09 12:0 a.m.146 views

CVE-2022-41122

CVE-2022-41122 is described in connected CNVD/NVD sources as a Microsoft SharePoint Server spoofing vulnerability. The CNVD entry notes that an attacker could exploit a specially crafted website to spoof content, tricking users into believing the site is legitimate. The available documents do not...

6.5CVSS6.2AI score0.01463EPSS
CVE
CVE
added 2023/06/13 11:26 p.m.146 views

CVE-2023-33130

Technical details about CVE-2023-33130 (affected product/version, root cause, impact or fixes) are not provided in the connected documents. Monitor for updates from official advisories and sources.

7.3CVSS7.1AI score0.01177EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.145 views

CVE-2024-38023

CVE-2024-38023 affects on-premises Microsoft SharePoint Server. Exploitation path described in connected docs: an attacker with Site Owner permissions can abuse the BDC (Business Data Connectivity) feature via a malicious BDCMetadata.bdcm file to trigger reflective code execution, resulting in RC...

7.2CVSS7.3AI score0.529EPSS
CVE
CVE
added 2022/06/15 9:51 p.m.139 views

CVE-2022-30158

CVE-2022-30158 corresponds to a Microsoft SharePoint Server remote code execution vulnerability. According to the connected sources, the vulnerability affects Microsoft SharePoint Server with RCE potential impacting confidentiality, integrity, and availability (all High). The CVSS v3.1 score is 8...

8.8CVSS8.7AI score0.03031EPSS
CVE
CVE
added 2022/09/13 6:42 p.m.137 views

CVE-2022-37961

CVE-2022-37961 is a remote code execution vulnerability in Microsoft SharePoint Server. The Connected KB describes a security update (KB5002271) for SharePoint Server Subscription Edition (16.0.x) released around Sep 13, 2022 that resolves this RCE alongside related SharePoint RCE advisories. Aff...

8.8CVSS8.7AI score0.50025EPSS
CVE
CVE
added 2022/11/09 12:0 a.m.137 views

CVE-2022-41061

CVE-2022-41061 is a Microsoft Word remote code execution vulnerability. The CVSS v3.1 base score is 7.8 (HIGH), with LOCAL attack vector, LOW attack complexity, and user interaction required; impact is high for confidentiality, integrity, and availability. Affected: Microsoft Word / Office compon...

7.8CVSS7.8AI score0.01142EPSS
CVE
CVE
added 2021/12/15 2:14 p.m.135 views

CVE-2021-42309

CVE-2021-42309 is a remote code execution vulnerability in Microsoft SharePoint Server identified across multiple SharePoint versions (2013/2016/2019 and Subscription Edition). Public sources in the connected documents describe an RCE vector that allows an attacker to bypass authentication or exe...

8.8CVSS7.8AI score0.02662EPSS
CVE
CVE
added 2023/06/13 11:26 p.m.135 views

CVE-2023-33132

Technical details for CVE-2023-33132 are not publicly provided in the supplied documents. Monitor updates from Microsoft and authorities for affected products, remediation steps, and confirmed exploit status.

6.3CVSS6.4AI score0.00882EPSS
CVE
CVE
added 2023/06/13 11:26 p.m.135 views

CVE-2023-33142

Technical details are not publicly provided in the supplied documents. No affected product/version, impact, or remediation details are available here. Monitor for updates from official advisories.

6.5CVSS6.6AI score0.01022EPSS
CVE
CVE
added 2023/07/11 5:3 p.m.135 views

CVE-2023-33157

CVE-2023-33157 is a Microsoft SharePoint RCE affecting on‑premises SharePoint Server / SharePoint Server Subscription Edition. Public documentation associates this CVE with a remote code execution vulnerability in SharePoint that is addressed by July 2023 security updates (KB5002423/KB5002424; bu...

8.8CVSS8.7AI score0.40644EPSS
CVE
CVE
added 2022/06/15 9:52 p.m.132 views

CVE-2022-30171

Technical details about CVE-2022-30171 (affected product/version, root cause, impact, or fixes) are not provided in the connected documents. Monitor for updates.

5.5CVSS6.2AI score0.02271EPSS
CVE
CVE
added 2022/11/09 12:0 a.m.132 views

CVE-2022-41060

CVE-2022-41060 is a Microsoft Word information disclosure vulnerability. The connected documents reference Word/Office components affected by the November 2022 updates and Office Web Apps Server updates (e.g., KB5002261, KB5002276) addressing Word information disclosure and related vulnerabilitie...

5.5CVSS6.1AI score0.00745EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.132 views

CVE-2024-32987

CVE-2024-32987 is a Microsoft SharePoint Server information disclosure vulnerability affecting SharePoint Server on-premises. The connected sources describe an issue where an attacker could obtain sensitive information from SharePoint Server. Impact is limited to information disclosure (no code e...

7.5CVSS7.2AI score0.02337EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.131 views

CVE-2022-44690

CVE-2022-44690 is a Microsoft SharePoint Server Remote Code Execution vulnerability. Public sources classify it as a network-exploitable flaw with high impact (CB> Confidentiality, Integrity, Availability all High) per CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Connected documents confirm...

8.8CVSS8.7AI score0.82081EPSS
CVE
CVE
added 2022/11/09 12:0 a.m.128 views

CVE-2022-41103

CVE-2022-41103 is Microsoft Word Information Disclosure Vulnerability. Connected sources indicate it is referenced alongside Word/Office and SharePoint update bundles (e.g., Word C2R and SharePoint November 2022 patches). The vulnerability is described as information disclosure; no explicit root-...

5.5CVSS6.1AI score0.00874EPSS
CVE
CVE
added 2023/08/08 5:8 p.m.128 views

CVE-2023-36891

Technical details (affected product/version, root cause, impact, exploitation) for CVE-2023-36891 are not provided in the connected documents. The corpus only notes a SharePoint spoofing vulnerability without concrete specifics.

8CVSS7.6AI score0.01765EPSS
CVE
CVE
added 2023/08/08 5:8 p.m.127 views

CVE-2023-36894

CVE-2023-36894 is a SharePoint Server information‑disclosure vulnerability affecting on‑premises SharePoint Server installations (2016, 2019, and Subscription Edition). The issue, described in multiple sources, enables an information disclosure that could expose sensitive data. The connected docu...

6.5CVSS6.3AI score0.02153EPSS
CVE
CVE
added 2022/02/09 4:36 p.m.124 views

CVE-2022-21987

CVE-2022-21987 is a Spoofing vulnerability in Microsoft SharePoint Server affecting multiple editions (2013/2016/2019 Subscription Edition). The connected documents confirm the issue allows spoofing content presented to users, potentially deceiving them into believing a site is legitimate. Micros...

8CVSS8AI score0.02018EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.124 views

CVE-2022-41038

CVE-2022-41038 affects Microsoft SharePoint Server and is described as a remote code execution vulnerability. Public documents in the Connected set confirm SharePoint as the affected product and that remediation is delivered via Microsoft security updates (e.g., KB5002287 for SharePoint Server 20...

8.8CVSS8.7AI score0.02457EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.124 views

CVE-2024-38024

CVE-2024-38024 is a Microsoft SharePoint Server remote code execution vulnerability affecting on-premises SharePoint Server. Public sources describe that exploitation can occur when an attacker with site owner privileges injects and executes arbitrary code in the SharePoint service context, enabl...

7.2CVSS7.3AI score0.45219EPSS
CVE
CVE
added 2023/08/08 5:8 p.m.123 views

CVE-2023-36890

CVE-2023-36890 affects Microsoft SharePoint Server (2019 and Subscription Edition). The connected documents confirm a SharePoint Server information disclosure vulnerability that can lead to sensitive data exposure, with impact limited to confidentiality (CVE-2023-36890). The root cause is describ...

6.5CVSS6.3AI score0.01637EPSS
CVE
CVE
added 2024/12/10 5:49 p.m.123 views

CVE-2024-49062

CVE-2024-49062 is a Microsoft SharePoint Information Disclosure vulnerability affecting SharePoint components used in on-premises deployments. The issue is described in the initial entry with a CVSS v3.1 base score of 6.5 (NETWORK, Privileges Required: LOW, User Interaction: NONE) and indicates d...

6.5CVSS6.1AI score0.03294EPSS
CVE
CVE
added 2023/07/11 5:3 p.m.122 views

CVE-2023-33160

CVE-2023-33160 affects Microsoft SharePoint Server (on‑premises) with a remote code execution vulnerability. The entry shows a high severity (CVSS v3.1: 8.8) and public patches exist: KB5002425 (SharePoint Server 2016) and KB5002423 (SharePoint Server 2019), released 2023‑07‑11. Affected products...

8.8CVSS8.7AI score0.04316EPSS
CVE
CVE
added 2023/07/11 5:3 p.m.120 views

CVE-2023-33134

CVE-2023-33134 is a Microsoft SharePoint Server Remote Code Execution vulnerability affecting on‑prem SharePoint deployments. CVSS v3.1: 8.8 (Network, Privileges Needed: Low, User Interaction: None; Impact: Confidentiality, Integrity, Availability). Mitigation/Remediation: Microsoft published upd...

8.8CVSS8.7AI score0.02568EPSS
Total number of security vulnerabilities72