Sharepoint Server@2016 Security Vulnerabilities and Issues — Page 2 of Sharepoint Server@2016 CVE List

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.

9.3CVSS7.2AI score0.36403EPSS

CVE•added 2024/06/11 5:15 p.m.•101 views

CVE-2024-30100

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00671EPSS

CVE•added 2022/12/13 7:15 p.m.•100 views

CVE-2022-44690

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.33895EPSS

CVE•added 2020/11/11 7:15 a.m.•99 views

CVE-2020-17061

Microsoft SharePoint Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.11137EPSS

CVE•added 2022/10/11 7:15 p.m.•99 views

CVE-2022-41038

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.05111EPSS

CVE•added 2024/12/12 2:4 a.m.•96 views

CVE-2024-49062

Microsoft SharePoint Information Disclosure Vulnerability

6.5CVSS6.1AI score0.00669EPSS

CVE•added 2017/09/13 1:29 a.m.•94 views

CVE-2017-8742

A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoin...

9.3CVSS8AI score0.32412EPSS

CVE•added 2023/07/11 6:15 p.m.•93 views

CVE-2023-33134

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.19297EPSS

CVE•added 2024/07/09 5:15 p.m.•93 views

CVE-2024-32987

Microsoft SharePoint Server Information Disclosure Vulnerability

7.5CVSS7.2AI score0.16251EPSS

CVE•added 2024/07/09 5:15 p.m.•93 views

CVE-2024-38024

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2CVSS7.3AI score0.68797EPSS

CVE•added 2019/05/16 7:29 p.m.•92 views

CVE-2019-0949

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0950, CVE-2019-0951.

5.7CVSS5.4AI score0.07161EPSS

CVE•added 2019/01/08 9:29 p.m.•91 views

CVE-2019-0558

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint, Micros...

5.4CVSS5.1AI score0.00485EPSS

CVE•added 2017/09/13 1:29 a.m.•88 views

CVE-2017-8743

A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8742.

9.3CVSS7.8AI score0.32412EPSS

CVE•added 2023/07/11 6:15 p.m.•86 views

CVE-2023-33159

Microsoft SharePoint Server Spoofing Vulnerability

8.8CVSS8.5AI score0.00238EPSS

CVE•added 2022/06/15 10:15 p.m.•84 views

CVE-2022-30159

Microsoft Office Information Disclosure Vulnerability

5.5CVSS5.7AI score0.02947EPSS

CVE•added 2024/12/12 2:4 a.m.•79 views

CVE-2024-49065

Microsoft Office Remote Code Execution Vulnerability

5.5CVSS5.9AI score0.00187EPSS

CVE•added 2016/07/13 1:59 a.m.•77 views

CVE-2016-3282

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Shar...

9.3CVSS7.6AI score0.41944EPSS

CVE•added 2018/12/12 12:29 a.m.•77 views

CVE-2018-8580

An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF), aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microso...

4.3CVSS4AI score0.06494EPSS

CVE•added 2019/05/16 7:29 p.m.•77 views

CVE-2019-0950

5.7CVSS5.4AI score0.07161EPSS

CVE•added 2024/09/10 5:15 p.m.•75 views

CVE-2024-43464

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2CVSS7.8AI score0.66597EPSS

CVE•added 2025/01/14 6:16 p.m.•75 views

CVE-2025-21393

Microsoft SharePoint Server Spoofing Vulnerability

6.3CVSS6.2AI score0.00103EPSS

CVE•added 2018/05/09 7:29 p.m.•74 views

CVE-2018-8161

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Word, Word, Microsoft Office, Microsoft SharePoint. This CVE ID is unique from C...

9.3CVSS7.7AI score0.24873EPSS

CVE•added 2019/01/08 9:29 p.m.•73 views

CVE-2019-0557

5.4CVSS5.1AI score0.00485EPSS

CVE•added 2022/10/11 7:15 p.m.•70 views

CVE-2022-41037

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.06087EPSS

CVE•added 2022/10/11 7:15 p.m.•68 views

CVE-2022-41036

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.06087EPSS

CVE•added 2024/09/10 5:15 p.m.•67 views

CVE-2024-38227

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2CVSS7.8AI score0.01843EPSS

CVE•added 2024/09/10 5:15 p.m.•67 views

CVE-2024-38228

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2CVSS7.8AI score0.01843EPSS

CVE•added 2024/12/12 2:4 a.m.•67 views

CVE-2024-49070

Microsoft SharePoint Remote Code Execution Vulnerability

7.4CVSS7.6AI score0.00143EPSS

CVE•added 2018/06/14 12:29 p.m.•66 views

CVE-2018-8254

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft Project Server, Microsoft SharePoint. ...

5.4CVSS5.5AI score0.00869EPSS

CVE•added 2024/09/10 5:15 p.m.•66 views

CVE-2024-43466

Microsoft SharePoint Server Denial of Service Vulnerability

7.5CVSS7.2AI score0.12381EPSS

CVE•added 2017/07/11 9:29 p.m.•65 views

CVE-2017-8569

Microsoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affected SharePoint server, aka "SharePoint Server XSS Vulnerability".

8.8CVSS8.2AI score0.08889EPSS

CVE•added 2024/12/12 2:4 a.m.•65 views

CVE-2024-49068

Microsoft SharePoint Elevation of Privilege Vulnerability

8.2CVSS8.1AI score0.0226EPSS

CVE•added 2018/05/09 7:29 p.m.•64 views

CVE-2018-8149

5.4CVSS5.5AI score0.00473EPSS

CVE•added 2018/05/09 7:29 p.m.•64 views

CVE-2018-8156

5.4CVSS5.5AI score0.00473EPSS

CVE•added 2024/10/08 6:15 p.m.•64 views

CVE-2024-43503

Microsoft SharePoint Elevation of Privilege Vulnerability

7.8CVSS7.6AI score0.00701EPSS

CVE•added 2018/06/14 12:29 p.m.•63 views

CVE-2018-8252

5.4CVSS5.5AI score0.00869EPSS

CVE•added 2018/05/09 7:29 p.m.•56 views

CVE-2018-8155

5.4CVSS5.5AI score0.00473EPSS

CVE•added 2024/12/12 2:4 a.m.•56 views

CVE-2024-49064

Microsoft SharePoint Information Disclosure Vulnerability

6.5CVSS6.1AI score0.00275EPSS

CVE•added 2018/02/15 2:29 a.m.•55 views

CVE-2018-0864

SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 allow an information disclosure vulnerability due to how web requests are handled, aka "Microsoft SharePoint Information Disclosure Vulnerability".

5.4CVSS5.3AI score0.01094EPSS

CVE•added 2025/05/13 5:16 p.m.•54 views

CVE-2025-30378

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

7CVSS7.4AI score0.00162EPSS

CVE•added 2025/05/13 5:15 p.m.•51 views

CVE-2025-29976

Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.

7.8CVSS7.6AI score0.00061EPSS

CVE•added 2025/07/08 5:15 p.m.•46 views

CVE-2025-49704

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

8.8CVSS6.9AI score0.00296EPSS

CVE•added 2025/05/13 5:16 p.m.•45 views

CVE-2025-30382

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

7.8CVSS7.7AI score0.00177EPSS

Total number of security vulnerabilities103