Sharepoint Server@2010 Security Vulnerabilities and Issues — Page 3 of Sharepoint Server@2010 CVE List

Lucene search

MicrosoftSharepoint Server2010

128 matches found

CVE•added 2012/07/10 9:55 p.m.•67 views

CVE-2012-1860

Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modificatio...

5.5CVSS6.3AI score0.01445EPSS

CVE•added 2015/07/14 9:59 p.m.•66 views

CVE-2015-2375

Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to bypass the ASLR protection mechanism via a crafted spreadsheet, aka "Microsoft Excel ASLR Bypa...

4.3CVSS6.4AI score0.19992EPSS

CVE•added 2018/05/09 7:29 p.m.•66 views

CVE-2018-8168

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoin...

5.4CVSS5.5AI score0.00473EPSS

CVE•added 2015/11/11 12:59 p.m.•65 views

CVE-2015-6093

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office docu...

9.3CVSS7.5AI score0.39746EPSS

CVE•added 2015/10/14 1:59 a.m.•64 views

CVE-2015-2558

Use-after-free vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Excel Viewer, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attack...

9.3CVSS7.5AI score0.4881EPSS

CVE•added 2018/05/09 7:29 p.m.•64 views

CVE-2018-8149

5.4CVSS5.5AI score0.00473EPSS

CVE•added 2015/03/11 10:59 a.m.•63 views

CVE-2015-1633

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Mic...

3.5CVSS4.6AI score0.07905EPSS

CVE•added 2015/04/14 8:59 p.m.•62 views

CVE-2015-1649

Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps Server 2010 SP2 allows remote attackers to execute arbitrary code via a crafted Office doc...

9.3CVSS7.5AI score0.55659EPSS

CVE•added 2014/01/15 4:13 p.m.•61 views

CVE-2014-0260

Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of se...

9.3CVSS8.7AI score0.28644EPSS

CVE•added 2013/09/11 2:3 p.m.•60 views

CVE-2013-3847

Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corrupti...

9.3CVSS7.5AI score0.61623EPSS

CVE•added 2013/12/11 12:55 a.m.•60 views

CVE-2013-5059

Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web Apps 2013, allows remote attackers to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerabilities."

6.8CVSS7.6AI score0.11014EPSS

CVE•added 2015/02/11 3:1 a.m.•59 views

CVE-2015-0064

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Offi...

9.3CVSS8AI score0.66307EPSS

CVE•added 2012/10/09 9:55 p.m.•58 views

CVE-2012-2520

Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office W...

4.3CVSS5.6AI score0.2805EPSS

CVE•added 2014/12/11 12:59 a.m.•57 views

CVE-2014-6357

Use-after-free vulnerability in Microsoft Office 2010 SP2, Office 2013 Gold and SP1, Office 2013 RT Gold and SP1, Office for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 Gold and SP1, and Office Web Apps 2010 SP2 and 2013 Gold...

9.3CVSS8.8AI score0.55659EPSS

CVE•added 2011/09/15 12:26 p.m.•55 views

CVE-2011-1893

Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."

4.3CVSS5.1AI score0.47875EPSS

CVE•added 2013/10/09 2:53 p.m.•55 views

CVE-2013-3889

Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Server 2013 allow remote attackers to execute arbitrar...

9.3CVSS7.4AI score0.5514EPSS

CVE•added 2017/08/08 9:29 p.m.•55 views

CVE-2017-8654

Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability".

5.4CVSS5AI score0.01102EPSS

CVE•added 2011/09/15 12:26 p.m.•54 views

CVE-2011-1989

Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2...

9.3CVSS7.5AI score0.59677EPSS

CVE•added 2013/09/11 2:3 p.m.•54 views

CVE-2013-3179

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."

4.3CVSS5AI score0.11881EPSS

CVE•added 2015/03/11 10:59 a.m.•54 views

CVE-2015-0086

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 Gold and SP1, Word 2013 RT Gold and SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2,...

9.3CVSS7.6AI score0.27375EPSS

CVE•added 2013/09/11 2:3 p.m.•53 views

CVE-2013-3857

Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 and SP2, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of ...

9.3CVSS7.6AI score0.5796EPSS

CVE•added 2011/09/15 12:26 p.m.•52 views

CVE-2011-1890

Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."

4.3CVSS5.8AI score0.40973EPSS

CVE•added 2013/09/11 2:3 p.m.•52 views

CVE-2013-3858

9.3CVSS7.5AI score0.61623EPSS

CVE•added 2015/10/14 1:59 a.m.•52 views

CVE-2015-2556

The InfoPath Forms Services component in Microsoft SharePoint Server 2007 SP3 and 2010 SP2 misparses DTDs, which allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (...

4.3CVSS6.6AI score0.39143EPSS

CVE•added 2015/10/14 1:59 a.m.•51 views

CVE-2015-6037

Cross-site scripting (XSS) vulnerability in Microsoft Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or ...

3.5CVSS4.7AI score0.10637EPSS

CVE•added 2015/05/13 10:59 a.m.•48 views

CVE-2015-1700

Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "Microsoft SharePoint Page Content Vulnerabilities."

6CVSS7.3AI score0.28764EPSS

CVE•added 2013/03/13 12:55 a.m.•47 views

CVE-2013-0085

Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."

7.8CVSS6.8AI score0.68083EPSS

CVE•added 2013/04/09 10:55 p.m.•47 views

CVE-2013-1289

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."

4.3CVSS5.4AI score0.61898EPSS

Total number of security vulnerabilities128